Remove superfluous comments

Remove a few comments that previously add noise but don't offer a great
deal of value.

Issue gh-8945

acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java

@@ -557,7 +557,6 @@ public class AclImplTests {
 
 	@Test
 	public void hashCodeWithoutStackOverFlow() throws Exception {
-		// given
 		Sid sid = new PrincipalSid("pSid");
 		ObjectIdentity oid = new ObjectIdentityImpl("type", 1);
 		AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role"));
@@ -570,7 +569,6 @@ public class AclImplTests {
 		fieldAces.setAccessible(true);
 		List<AccessControlEntryImpl> aces = (List<AccessControlEntryImpl>) fieldAces.get(acl);
 		aces.add(ace);
-		// when - then none StackOverFlowError been raised
 		ace.hashCode();
 	}
 

acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java

@@ -61,119 +61,76 @@ public class AclClassIdUtilsTests {
 
 	@Test
 	public void shouldReturnLongIfIdentifierIsLong() throws SQLException {
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfIdentifierIsBigInteger() throws SQLException {
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(BIGINT_IDENTIFIER, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfClassIdTypeIsNull() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn(null);
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfNoClassIdTypeColumn() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willThrow(SQLException.class);
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongIfTypeClassNotFound() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn("com.example.UnknownType");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongEvenIfCustomConversionServiceDoesNotSupportLongConversion() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.Long");
 		given(this.conversionService.canConvert(String.class, Long.class)).willReturn(false);
 		this.aclClassIdUtils.setConversionService(this.conversionService);
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnLongWhenLongClassIdType() throws SQLException {
-		// given
 		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.Long");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
 	}
 
 	@Test
 	public void shouldReturnUUIDWhenUUIDClassIdType() throws SQLException {
-		// given
 		UUID identifier = UUID.randomUUID();
 		given(this.resultSet.getString("class_id_type")).willReturn("java.util.UUID");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(identifier.toString(), this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(identifier);
 	}
 
 	@Test
 	public void shouldReturnStringWhenStringClassIdType() throws SQLException {
-		// given
 		String identifier = "MY_STRING_IDENTIFIER";
 		given(this.resultSet.getString("class_id_type")).willReturn("java.lang.String");
-
-		// when
 		Serializable newIdentifier = this.aclClassIdUtils.identifierFrom(identifier, this.resultSet);
-
-		// then
 		assertThat(newIdentifier).isEqualTo(identifier);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void shouldNotAcceptNullConversionServiceInConstruction() {
-		// when
 		new AclClassIdUtils(null);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void shouldNotAcceptNullConversionServiceInSetter() {
-		// when
 		this.aclClassIdUtils.setConversionService(null);
 	}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java

@@ -75,8 +75,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 
 	private List<HeaderWriter> headerWriters = new ArrayList<>();
 
-	// --- default header writers ---
-
 	private final ContentTypeOptionsConfig contentTypeOptions = new ContentTypeOptionsConfig();
 
 	private final XXssConfig xssProtection = new XXssConfig();

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -436,8 +436,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(content().string("test-subject"));
 	}
 
-	// -- Method Security
-
 	@Test
 	public void getWhenUsingMethodSecurityWithValidBearerTokenThenAcceptsRequest() throws Exception {
 
@@ -494,8 +492,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(insufficientScopeHeader());
 	}
 
-	// -- Resource Server should not engage csrf
-
 	@Test
 	public void postWhenUsingDefaultsWithValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
 
@@ -527,8 +523,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
-	// -- Resource Server should not create sessions
-
 	@Test
 	public void requestWhenDefaultConfiguredThenSessionIsNotCreated() throws Exception {
 
@@ -576,8 +570,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
-	// -- custom bearer token resolver
-
 	@Test
 	public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted()
 			throws Exception {
@@ -693,8 +685,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThat(oauth2.getBearerTokenResolver()).isInstanceOf(DefaultBearerTokenResolver.class);
 	}
 
-	// -- custom jwt decoder
-
 	@Test
 	public void requestWhenCustomJwtDecoderWiredOnDslThenUsed() throws Exception {
 
@@ -820,8 +810,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThatCode(() -> jwtConfigurer.getJwtDecoder()).isInstanceOf(NoUniqueBeanDefinitionException.class);
 	}
 
-	// -- exception handling
-
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
 
@@ -861,8 +849,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThatCode(() -> configurer.accessDeniedHandler(null)).isInstanceOf(IllegalArgumentException.class);
 	}
 
-	// -- token validator
-
 	@Test
 	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
 
@@ -904,8 +890,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
-	// -- converter
-
 	@Test
 	public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception {
 
@@ -937,8 +921,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.mvc.perform(get("/requires-read-scope").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk());
 	}
 
-	// -- single key
-
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 
@@ -991,8 +973,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		verifyBean(AuthenticationProvider.class).authenticate(any(Authentication.class));
 	}
 
-	// -- opaque
-
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.register(RestOperationsConfig.class, OpaqueTokenConfig.class, BasicController.class).autowire();
@@ -1099,8 +1079,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		assertThat(opaqueToken.getIntrospector()).isNotNull();
 	}
 
-	// -- In combination with other authentication providers
-
 	@Test
 	public void requestWhenBasicAndResourceServerEntryPointsThenMatchedByRequest() throws Exception {
 
@@ -1171,8 +1149,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(status().isOk()).andExpect(content().string("basic-user"));
 	}
 
-	// -- authentication manager
-
 	@Test
 	public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakesPrecedence() {
 		ApplicationContext context = mock(ApplicationContext.class);
@@ -1190,8 +1166,6 @@ public class OAuth2ResourceServerConfigurerTests {
 		verify(http, never()).authenticationProvider(any(AuthenticationProvider.class));
 	}
 
-	// -- authentication manager resolver
-
 	@Test
 	public void getWhenMultipleIssuersThenUsesIssuerClaimToDifferentiate() throws Exception {
 		this.spring.register(WebServerConfig.class, MultipleIssuersConfig.class, BasicController.class).autowire();
@@ -1226,8 +1200,6 @@ public class OAuth2ResourceServerConfigurerTests {
 				.andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
-	// -- Incorrect Configuration
-
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
 

config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java

@@ -135,8 +135,6 @@ public class HttpHeadersConfigTests {
 		this.mvc.perform(get("/").secure(true)).andExpect(status().isOk()).andExpect(includes(headers));
 	}
 
-	// -- defaults disabled
-
 	/**
 	 * gh-3986
 	 */
@@ -480,8 +478,6 @@ public class HttpHeadersConfigTests {
 				.andExpect(excludesDefaults());
 	}
 
-	// -- single-header disabled
-
 	@Test
 	public void requestWhenCacheControlDisabledThenExcludesHeader() throws Exception {
 
@@ -550,8 +546,6 @@ public class HttpHeadersConfigTests {
 				.andExpect(excludes(xssProtection));
 	}
 
-	// --- disable error handling ---
-
 	@Test
 	public void configureWhenHstsDisabledAndIncludeSubdomainsSpecifiedThenAutowireFails() {
 		assertThatThrownBy(

config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java

@@ -335,8 +335,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(status().isNotFound());
 	}
 
-	// -- Resource Server should not engage csrf
-
 	@Test
 	public void postWhenValidBearerTokenAndNoCsrfTokenThenOk() throws Exception {
 
@@ -371,8 +369,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
-	// -- Resource Server should not create sessions
-
 	@Test
 	public void requestWhenJwtThenSessionIsNotCreated() throws Exception {
 
@@ -421,8 +417,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		assertThat(result.getRequest().getSession(false)).isNotNull();
 	}
 
-	// -- custom bearer token resolver
-
 	@Test
 	public void getWhenCustomBearerTokenResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver"))
@@ -502,8 +496,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		assertThat(oauth2.getBearerTokenResolver(mock(Element.class))).isInstanceOf(RootBeanDefinition.class);
 	}
 
-	// -- custom jwt decoder
-
 	@Test
 	public void requestWhenCustomJwtDecoderThenUsed() throws Exception {
 
@@ -525,8 +517,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
-	// -- exception handling
-
 	@Test
 	public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
 
@@ -553,8 +543,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer realm=\"myRealm\"")));
 	}
 
-	// -- token validator
-
 	@Test
 	public void requestWhenCustomJwtValidatorFailsThenCorrespondingErrorMessage() throws Exception {
 
@@ -593,8 +581,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(invalidTokenHeader("Jwt expired at"));
 	}
 
-	// -- converter
-
 	@Test
 	public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception {
 
@@ -614,8 +600,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		verify(jwtAuthenticationConverter).convert(any(Jwt.class));
 	}
 
-	// -- single key
-
 	@Test
 	public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception {
 
@@ -645,8 +629,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(invalidTokenHeader("algorithm"));
 	}
 
-	// -- opaque
-
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
 		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
@@ -688,8 +670,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.isInstanceOf(BeanDefinitionParsingException.class);
 	}
 
-	// -- authentication manager resolver
-
 	@Test
 	public void getWhenAuthenticationManagerResolverThenUses() throws Exception {
 		this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire();
@@ -738,12 +718,9 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 				.andExpect(status().isUnauthorized()).andExpect(invalidTokenHeader("Invalid issuer"));
 	}
 
-	// -- In combination with other authentication providers
-
 	@Test
-	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception { // different
-																											// from
-																											// DSL
+	public void requestWhenBasicAndResourceServerEntryPointsThenBearerTokenPresides() throws Exception {
+		// different from DSL
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("BasicAndResourceServer")).autowire();
 
@@ -762,9 +739,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 	}
 
 	@Test
-	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception { // different
-																													// from
-																													// DSL
+	public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest() throws Exception {
+		// different from DSL
 
 		this.spring.configLocations(xml("MockJwtDecoder"), xml("FormAndResourceServer")).autowire();
 
@@ -794,8 +770,6 @@ public class OAuth2ResourceServerBeanDefinitionParserTests {
 		this.mvc.perform(get("/authenticated").with(httpBasic("user", "password"))).andExpect(status().isNotFound());
 	}
 
-	// -- Incorrect Configuration
-
 	@Test
 	public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() {
 		assertThatCode(() -> this.spring.configLocations(xml("Jwtless")).autowire())

config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java

@@ -242,8 +242,6 @@ public class WebSocketMessageBrokerConfigTests {
 		assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
 	}
 
-	// -- invalid intercept types -- //
-
 	@Test
 	public void configureWhenUsingConnectMessageTypeThenAutowireFails() {
 		ThrowingCallable bad = () -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();

core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java

@@ -51,80 +51,63 @@ public class ExpressionBasedPreInvocationAdviceTests {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameProvidedButNotMatch() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "filterTargetDoesNotMatch",
 				null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameProvidedArrayUnsupported() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test
 	public void findFilterTargetNameProvided() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "param", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-
-		// when
 		boolean result = this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation,
 				attribute);
-		// then
 		assertThat(result).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedArrayUnsupported() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingArray", new Class[] { String[].class }, new Object[] { new String[0] });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test
 	public void findFilterTargetNameNotProvided() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingCollection", new Class[] { List.class }, new Object[] { new ArrayList<>() });
-		// when
 		boolean result = this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation,
 				attribute);
-		// then
 		assertThat(result).isTrue();
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedTypeNotSupported() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "param" });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void findFilterTargetNameNotProvidedMethodAcceptMoreThenOneArgument() throws Exception {
-		// given
 		PreInvocationAttribute attribute = new PreInvocationExpressionAttribute("true", "", null);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingTwoArgs", new Class[] { String.class, List.class },
 				new Object[] { "param", new ArrayList<>() });
-		// when - then
 		this.expressionBasedPreInvocationAdvice.before(this.authentication, methodInvocation, attribute);
 	}
 

core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextExecutorTests.java

@@ -41,15 +41,11 @@ public abstract class AbstractDelegatingSecurityContextExecutorTests
 
 	private DelegatingSecurityContextExecutor executor;
 
-	// --- constructor ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextExecutor(null);
 	}
 
-	// --- execute ---
-
 	@Test
 	public void execute() {
 		this.executor = create();

core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java

@@ -78,8 +78,6 @@ public class DelegatingSecurityContextCallableTests {
 		SecurityContextHolder.clearContext();
 	}
 
-	// --- constructor ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextCallable<>(null);
@@ -100,8 +98,6 @@ public class DelegatingSecurityContextCallableTests {
 		new DelegatingSecurityContextCallable<>(this.delegate, null);
 	}
 
-	// --- call ---
-
 	@Test
 	public void call() throws Exception {
 		this.callable = new DelegatingSecurityContextCallable<>(this.delegate, this.securityContext);
@@ -126,8 +122,6 @@ public class DelegatingSecurityContextCallableTests {
 		assertWrapped(this.callable.call());
 	}
 
-	// --- create ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void createNullDelegate() {
 		DelegatingSecurityContextCallable.create(null, this.securityContext);
@@ -153,8 +147,6 @@ public class DelegatingSecurityContextCallableTests {
 		assertWrapped(this.callable);
 	}
 
-	// --- toString
-
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {

core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java

@@ -74,8 +74,6 @@ public class DelegatingSecurityContextRunnableTests {
 		SecurityContextHolder.clearContext();
 	}
 
-	// --- constructor ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void constructorNullDelegate() {
 		new DelegatingSecurityContextRunnable(null);
@@ -96,8 +94,6 @@ public class DelegatingSecurityContextRunnableTests {
 		new DelegatingSecurityContextRunnable(this.delegate, null);
 	}
 
-	// --- run ---
-
 	@Test
 	public void call() throws Exception {
 		this.runnable = new DelegatingSecurityContextRunnable(this.delegate, this.securityContext);
@@ -123,8 +119,6 @@ public class DelegatingSecurityContextRunnableTests {
 		assertWrapped(this.runnable);
 	}
 
-	// --- create ---
-
 	@Test(expected = IllegalArgumentException.class)
 	public void createNullDelegate() {
 		DelegatingSecurityContextRunnable.create(null, this.securityContext);
@@ -150,8 +144,6 @@ public class DelegatingSecurityContextRunnableTests {
 		assertWrapped(this.runnable);
 	}
 
-	// --- toString
-
 	// SEC-2682
 	@Test
 	public void toStringDelegates() {

crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java

@@ -132,8 +132,6 @@ public final class AesBytesEncryptor implements BytesEncryptor {
 		}
 	}
 
-	// internal helpers
-
 	private byte[] iv(byte[] encrypted) {
 		return this.ivGenerator != NULL_IV_GENERATOR
 				? EncodingUtils.subArray(encrypted, 0, this.ivGenerator.getKeyLength())

crypto/src/main/java/org/springframework/security/crypto/password/StandardPasswordEncoder.java

@@ -83,8 +83,6 @@ public final class StandardPasswordEncoder implements PasswordEncoder {
 		return MessageDigest.isEqual(digested, digest(rawPassword, salt));
 	}
 
-	// internal helpers
-
 	private StandardPasswordEncoder(String algorithm, CharSequence secret) {
 		this.digester = new Digester(algorithm, DEFAULT_ITERATIONS);
 		this.secret = Utf8.encode(secret);

ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java

@@ -96,7 +96,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	// SEC-1915
 	@Test
 	public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception {
-		// given
 		String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
 
 		DirContext ctx = mock(DirContext.class);
@@ -111,17 +110,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
-		// when
 		customProvider.setSearchFilter(customSearchFilter);
 		Authentication result = customProvider.authenticate(this.joe);
 
-		// then
 		assertThat(result.isAuthenticated()).isTrue();
 	}
 
 	@Test
 	public void defaultSearchFilter() throws Exception {
-		// given
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
 
 		DirContext ctx = mock(DirContext.class);
@@ -136,10 +132,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
-		// when
 		Authentication result = customProvider.authenticate(this.joe);
 
-		// then
 		assertThat(result.isAuthenticated()).isTrue();
 		verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class),
 				any(SearchControls.class));
@@ -148,7 +142,6 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 	// SEC-2897,SEC-2224
 	@Test
 	public void bindPrincipalAndUsernameUsed() throws Exception {
-		// given
 		final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
 		ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class);
 
@@ -164,10 +157,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
 				"mydomain.eu", "ldap://192.168.1.200/");
 		customProvider.contextFactory = createContextFactoryReturning(ctx);
 
-		// when
 		Authentication result = customProvider.authenticate(this.joe);
 
-		// then
 		assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe");
 		assertThat(result.isAuthenticated()).isTrue();
 	}

oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java

@@ -491,16 +491,13 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCacheThenStoreRetrievedJwkSetToCache() {
-		// given
 		Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.cache(cache).build();
-		// when
 		jwtDecoder.decode(SIGNED_JWT);
-		// then
 		assertThat(cache.get(JWK_SET_URI, String.class)).isEqualTo(JWK_SET);
 		ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);
 		verify(restOperations).exchange(requestEntityCaptor.capture(), eq(String.class));
@@ -511,15 +508,12 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCacheThenRetrieveFromCache() {
-		// given
 		RestOperations restOperations = mock(RestOperations.class);
 		Cache cache = mock(Cache.class);
 		given(cache.get(eq(JWK_SET_URI), any(Callable.class))).willReturn(JWK_SET);
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).cache(cache)
 				.restOperations(restOperations).build();
-		// when
 		jwtDecoder.decode(SIGNED_JWT);
-		// then
 		verify(cache).get(eq(JWK_SET_URI), any(Callable.class));
 		verifyNoMoreInteractions(cache);
 		verifyNoInteractions(restOperations);
@@ -527,14 +521,12 @@ public class NimbusJwtDecoderTests {
 
 	@Test
 	public void decodeWhenCacheIsConfiguredAndValueLoaderErrorsThenThrowsJwtException() {
-		// given
 		Cache cache = new ConcurrentMapCache("test-jwk-set-cache");
 		RestOperations restOperations = mock(RestOperations.class);
 		given(restOperations.exchange(any(RequestEntity.class), eq(String.class)))
 				.willThrow(new RestClientException("Cannot retrieve JWK Set"));
 		NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations)
 				.cache(cache).build();
-		// then
 		assertThatCode(() -> jwtDecoder.decode(SIGNED_JWT)).isInstanceOf(JwtException.class)
 				.isNotInstanceOf(BadJwtException.class)
 				.hasMessageContaining("An error occurred while attempting to decode the Jwt");

samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java

@@ -58,8 +58,6 @@ public class HelloWebfluxMethodApplicationTests {
 			.expectStatus().isUnauthorized();
 	}
 
-	// --- Basic Authentication ---
-
 	@Test
 	public void messageWhenUserThenForbidden() {
 		this.rest
@@ -81,8 +79,6 @@ public class HelloWebfluxMethodApplicationTests {
 			.expectBody(String.class).isEqualTo("Hello World!");
 	}
 
-	// --- WithMockUser ---
-
 	@Test
 	@WithMockUser
 	public void messageWhenWithMockUserThenForbidden() {
@@ -104,8 +100,6 @@ public class HelloWebfluxMethodApplicationTests {
 			.expectBody(String.class).isEqualTo("Hello World!");
 	}
 
-	// --- mutateWith mockUser ---
-
 	@Test
 	public void messageWhenMutateWithMockUserThenForbidden() {
 		this.rest

samples/boot/oauth2resourceserver-jwe/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java

@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {

samples/boot/oauth2resourceserver-multitenancy/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java

@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject for tenant one!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void tenantOnePerformWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {
@@ -96,8 +94,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject for tenant two!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void tenantTwoPerformWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {

samples/boot/oauth2resourceserver-opaque/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java

@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {

samples/boot/oauth2resourceserver-static/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java

@@ -60,8 +60,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {

samples/boot/oauth2resourceserver-webflux/src/integration-test/java/sample/ServerOAuth2ResourceServerApplicationITests.java

@@ -55,8 +55,6 @@ public class ServerOAuth2ResourceServerApplicationITests {
 				.expectBody(String.class).isEqualTo("Hello, subject!");
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void getWhenValidBearerTokenThenScopedRequestsAlsoWork() {
 

samples/boot/oauth2resourceserver/src/integration-test/java/sample/OAuth2ResourceServerApplicationITests.java

@@ -62,8 +62,6 @@ public class OAuth2ResourceServerApplicationITests {
 				.andExpect(content().string(containsString("Hello, subject!")));
 	}
 
-	// -- tests with scopes
-
 	@Test
 	public void performWhenValidBearerTokenThenScopedRequestsAlsoWork()
 			throws Exception {

samples/xml/dms/src/test/java/sample/DmsIntegrationTests.java

@@ -122,13 +122,9 @@ public class DmsIntegrationTests extends AbstractTransactionalJUnit4SpringContex
 		// plus 10 files
 
 		AbstractElement[] nonHomeElements = this.documentDao.findElements(nonHomeDir);
-		assertThat(nonHomeElements).hasSize(shouldBeFiltered ? 11 : 12); // cannot
-																					// see
-		// the user's
-		// "confidential"
-		// sub-directory
-		// when
-		// filtering
+		assertThat(nonHomeElements).hasSize(shouldBeFiltered ? 11 : 12);
+
+		// cannot see the user's "confidential" sub-directory when filtering
 
 		// Attempt to read the other user's confidential directory from the returned
 		// results

web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java

@@ -28,16 +28,12 @@ public class DefaultRequestRejectedHandlerTests {
 
 	@Test
 	public void defaultRequestRejectedHandlerRethrowsTheException() throws Exception {
-		// given:
 		RequestRejectedException requestRejectedException = new RequestRejectedException("rejected");
 		DefaultRequestRejectedHandler sut = new DefaultRequestRejectedHandler();
-
-		// when:
 		try {
 			sut.handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), requestRejectedException);
 		}
 		catch (RequestRejectedException exception) {
-			// then:
 			Assert.assertThat(exception.getMessage(), CoreMatchers.is("rejected"));
 			return;
 		}

web/src/test/java/org/springframework/security/web/firewall/HttpStatusRequestRejectedHandlerTests.java

@@ -27,14 +27,9 @@ public class HttpStatusRequestRejectedHandlerTests {
 
 	@Test
 	public void httpStatusRequestRejectedHandlerUsesStatus400byDefault() throws Exception {
-		// given:
 		HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler();
 		HttpServletResponse response = mock(HttpServletResponse.class);
-
-		// when:
 		sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
-
-		// then:
 		verify(response).sendError(400);
 	}
 
@@ -46,15 +41,9 @@ public class HttpStatusRequestRejectedHandlerTests {
 	}
 
 	private void httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper(int status) throws Exception {
-
-		// given:
 		HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler(status);
 		HttpServletResponse response = mock(HttpServletResponse.class);
-
-		// when:
 		sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
-
-		// then:
 		verify(response).sendError(status);
 	}
 

web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java

@@ -146,8 +146,6 @@ public class StrictHttpFirewallTests {
 		}
 	}
 
-	// --- ; ---
-
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() {
 		this.request.setContextPath(";/context");
@@ -334,8 +332,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	// --- encoded . ---
-
 	@Test(expected = RequestRejectedException.class)
 	public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() {
 		this.request.setRequestURI("/%2E/");
@@ -394,8 +390,6 @@ public class StrictHttpFirewallTests {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
-	// --- from DefaultHttpFirewallTests ---
-
 	/**
 	 * On WebSphere 8.5 a URL like /context-root/a/b;%2f1/c can bypass a rule on /a/b/c
 	 * because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC

web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java

@@ -95,15 +95,10 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenRequestNotMatchThenDoesNothing() {
-		// given
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/not/existing"));
-
 		WebFilterChain chain = mock(WebFilterChain.class);
 		given(chain.filter(exchange)).willReturn(Mono.empty());
-
-		// when
 		this.switchUserWebFilter.filter(exchange, chain).block();
-		// then
 		verifyNoInteractions(this.userDetailsService);
 		verifyNoInteractions(this.successHandler);
 		verifyNoInteractions(this.failureHandler);
@@ -114,7 +109,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUser() {
-		// given
 		final String targetUsername = "TEST_USERNAME";
 		final UserDetails switchUserDetails = switchUserDetails(targetUsername, true);
 
@@ -133,12 +127,10 @@ public class SwitchUserWebFilterTests {
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
 
-		// then
 		verifyNoInteractions(chain);
 		verify(this.userDetailsService).findByUsername(targetUsername);
 
@@ -165,7 +157,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() {
-		// given
 		final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal",
 				"origCredentials");
 
@@ -189,12 +180,10 @@ public class SwitchUserWebFilterTests {
 		given(this.userDetailsService.findByUsername(targetUsername))
 				.willReturn(Mono.just(switchUserDetails(targetUsername, true)));
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
 
-		// then
 		final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
 		verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class),
 				authenticationCaptor.capture());
@@ -210,7 +199,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenUsernameIsMissingThenThrowException() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
@@ -220,7 +208,6 @@ public class SwitchUserWebFilterTests {
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("The userName can not be null.");
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -241,7 +228,6 @@ public class SwitchUserWebFilterTests {
 		given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)))
 				.willReturn(Mono.empty());
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -252,7 +238,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void switchUserWhenFailureHandlerNotDefinedThenReturnError() {
-		// given
 		this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null);
 
 		final String targetUsername = "TEST_USERNAME";
@@ -267,7 +252,6 @@ public class SwitchUserWebFilterTests {
 
 		this.exceptionRule.expect(DisabledException.class);
 
-		// when then
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -276,7 +260,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void exitSwitchThenReturnToOriginalAuthentication() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -296,12 +279,10 @@ public class SwitchUserWebFilterTests {
 		given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class)))
 				.willReturn(Mono.empty());
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
 
-		// then
 		final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
 		verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
 		final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
@@ -319,7 +300,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void exitSwitchWhenUserNotSwitchedThenThrowError() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -332,7 +312,6 @@ public class SwitchUserWebFilterTests {
 		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 		this.exceptionRule.expectMessage("Could not find original Authentication object");
 
-		// when then
 		this.switchUserWebFilter.filter(exchange, chain)
 				.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
 				.block();
@@ -341,7 +320,6 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void exitSwitchWhenNoCurrentUserThenThrowError() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -350,65 +328,49 @@ public class SwitchUserWebFilterTests {
 		this.exceptionRule.expect(AuthenticationCredentialsNotFoundException.class);
 		this.exceptionRule.expectMessage("No current user associated with this request");
 
-		// when
 		this.switchUserWebFilter.filter(exchange, chain).block();
-		// then
 		verifyNoInteractions(chain);
 	}
 
 	@Test
 	public void constructorUserDetailsServiceRequired() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("userDetailsService must be specified");
-
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(null, mock(ServerAuthenticationSuccessHandler.class),
 				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
 	public void constructorServerAuthenticationSuccessHandlerRequired() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("successHandler must be specified");
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
 				mock(ServerAuthenticationFailureHandler.class));
 	}
 
 	@Test
 	public void constructorSuccessTargetUrlRequired() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("successTargetUrl must be specified");
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null,
 				"failure/target/url");
 	}
 
 	@Test
 	public void constructorFirstDefaultValues() {
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class),
 				mock(ServerAuthenticationSuccessHandler.class), mock(ServerAuthenticationFailureHandler.class));
-
-		// then
 		final Object securityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(securityContextRepository).isInstanceOf(WebSessionServerSecurityContextRepository.class);
-
 		final Object userDetailsChecker = ReflectionTestUtils.getField(this.switchUserWebFilter, "userDetailsChecker");
 		assertThat(userDetailsChecker).isInstanceOf(AccountStatusUserDetailsChecker.class);
 	}
 
 	@Test
 	public void constructorSecondDefaultValues() {
-		// when
 		this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), "success/target/url",
 				"failure/target/url");
-
-		// then
 		final Object successHandler = ReflectionTestUtils.getField(this.switchUserWebFilter, "successHandler");
 		assertThat(successHandler).isInstanceOf(RedirectServerAuthenticationSuccessHandler.class);
 
@@ -425,27 +387,20 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setSecurityContextRepositoryWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("securityContextRepository cannot be null");
-		// when
 		this.switchUserWebFilter.setSecurityContextRepository(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSecurityContextRepositoryWhenDefinedThenChangeDefaultValue() {
-		// given
 		final Object oldSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(oldSecurityContextRepository).isSameAs(this.serverSecurityContextRepository);
-
 		final ServerSecurityContextRepository newSecurityContextRepository = mock(
 				ServerSecurityContextRepository.class);
-		// when
 		this.switchUserWebFilter.setSecurityContextRepository(newSecurityContextRepository);
-		// then
 		final Object currentSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter,
 				"securityContextRepository");
 		assertThat(currentSecurityContextRepository).isSameAs(newSecurityContextRepository);
@@ -453,29 +408,22 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setExitUserUrlWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setExitUserUrl(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setExitUserUrlWhenInvalidUrlThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("exitUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setExitUserUrl("wrongUrl");
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setExitUserUrlWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -483,13 +431,8 @@ public class SwitchUserWebFilterTests {
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
 		assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue();
-
-		// when
 		this.switchUserWebFilter.setExitUserUrl("/exit-url");
-
-		// then
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url"));
-
 		final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
@@ -498,18 +441,14 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setExitUserMatcherWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("exitUserMatcher cannot be null");
-		// when
 		this.switchUserWebFilter.setExitUserMatcher(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setExitUserMatcherWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/logout/impersonate"));
 
@@ -521,11 +460,8 @@ public class SwitchUserWebFilterTests {
 		final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
 				"/exit-url");
 
-		// when
 		this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher);
 
-		// then
-
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "exitUserMatcher");
 
@@ -534,29 +470,22 @@ public class SwitchUserWebFilterTests {
 
 	@Test
 	public void setSwitchUserUrlWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setSwitchUserUrl(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSwitchUserUrlWhenInvalidThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("switchUserUrl cannot be empty and must be a valid redirect URL");
-		// when
 		this.switchUserWebFilter.setSwitchUserUrl("wrongUrl");
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
@@ -565,32 +494,24 @@ public class SwitchUserWebFilterTests {
 
 		assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
 
-		// when
 		this.switchUserWebFilter.setSwitchUserUrl("/switch-url");
 
-		// then
 		final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url"));
-
 		final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
-
 		assertThat(newSwitchUserMatcher.matches(newExchange).block().isMatch()).isTrue();
 	}
 
 	@Test
 	public void setSwitchUserMatcherWhenNullThenThrowException() {
-		// given
 		this.exceptionRule.expect(IllegalArgumentException.class);
 		this.exceptionRule.expectMessage("switchUserMatcher cannot be null");
-		// when
 		this.switchUserWebFilter.setSwitchUserMatcher(null);
-		// then
 		fail("Test should fail with exception");
 	}
 
 	@Test
 	public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() {
-		// given
 		final MockServerWebExchange exchange = MockServerWebExchange
 				.from(MockServerHttpRequest.post("/login/impersonate"));
 
@@ -602,14 +523,10 @@ public class SwitchUserWebFilterTests {
 		final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST,
 				"/switch-url");
 
-		// when
 		this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
 
-		// then
-
 		final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils
 				.getField(this.switchUserWebFilter, "switchUserMatcher");
-
 		assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher);
 	}
 

web/src/test/java/org/springframework/security/web/util/OnCommittedResponseWrapperTests.java

@@ -62,8 +62,6 @@ public class OnCommittedResponseWrapperTests {
 		given(this.delegate.getOutputStream()).willReturn(this.out);
 	}
 
-	// --- printwriter
-
 	@Test
 	public void printWriterHashCode() throws Exception {
 		int expected = this.writer.hashCode();