From 79815e044ec611c7373ca985877b6e15af6567f7 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Sat, 1 Nov 2025 14:02:08 +0700 Subject: [PATCH] Fix typos Signed-off-by: Tran Ngoc Nhan --- .../access/expression/EvaluationContextPostProcessor.java | 2 +- .../security/acls/domain/AclAuthorizationStrategy.java | 2 +- .../security/acls/domain/GrantedAuthoritySid.java | 2 +- .../security/acls/jdbc/JdbcAclService.java | 2 +- .../security/acls/jdbc/JdbcMutableAclService.java | 4 ++-- .../security/cas/web/CasAuthenticationFilter.java | 8 ++++---- .../annotation/AbstractConfiguredSecurityBuilder.java | 8 ++++---- .../config/annotation/web/HttpSecurityBuilder.java | 2 +- .../annotation/web/builders/FilterOrderRegistration.java | 2 +- .../annotation/web/configurers/LogoutConfigurer.java | 2 +- .../web/configurers/SessionManagementConfigurer.java | 2 +- .../web/configurers/saml2/Saml2MetadataConfigurer.java | 2 +- .../web/reactive/ServerHttpSecurityConfiguration.java | 2 +- .../security/config/http/AuthenticationConfigBuilder.java | 6 +++--- .../config/ldap/LdapServerBeanDefinitionParser.java | 6 +++--- .../configurers/AuthorizeHttpRequestsConfigurerTests.java | 2 +- .../access/expression/SecurityExpressionOperations.java | 2 +- docs/modules/ROOT/pages/servlet/appendix/faq.adoc | 2 +- docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc | 2 +- .../KerberosServiceAuthenticationProvider.java | 2 +- .../kerberos/authentication/KerberosTicketValidator.java | 2 +- .../SpnegoAuthenticationProcessingFilter.java | 4 ++-- .../messaging/util/matcher/PathPatternMessageMatcher.java | 8 ++++---- .../security/saml2/core/Saml2X509Credential.java | 2 +- .../request/SecurityMockMvcRequestPostProcessors.java | 4 ++-- .../access/expression/EvaluationContextPostProcessor.java | 2 +- .../websphere/DefaultWASUsernameAndGroupsExtractor.java | 6 +++--- .../rememberme/RememberMeAuthenticationFilter.java | 4 ++-- .../security/web/csrf/HttpSessionCsrfTokenRepository.java | 2 +- .../security/web/firewall/StrictHttpFirewall.java | 6 +++--- .../web/header/writers/PermissionsPolicyHeaderWriter.java | 2 +- .../writers/frameoptions/RegExpAllowFromStrategy.java | 2 +- .../security/web/savedrequest/FastHttpDateFormat.java | 2 +- .../servlet/util/matcher/PathPatternRequestMatcher.java | 8 ++++---- .../security/web/util/ThrowableAnalyzer.java | 3 +-- .../org/springframework/security/web/util/UrlUtils.java | 2 +- .../web/session/HttpSessionEventPublisherTests.java | 4 ++-- .../security/web/webauthn/api/CredentialRecord.java | 2 +- .../security/web/webauthn/api/PublicKeyCredential.java | 2 +- .../webauthn/api/PublicKeyCredentialCreationOptions.java | 2 +- .../security/web/webauthn/api/ResidentKeyRequirement.java | 2 +- 41 files changed, 66 insertions(+), 67 deletions(-) diff --git a/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java b/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java index cadca0aab1..31f89de36d 100644 --- a/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java +++ b/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java @@ -39,7 +39,7 @@ interface EvaluationContextPostProcessor { * that was passed in. * @param context the original {@link EvaluationContext} * @param invocation the security invocation object (i.e. Message) - * @return the upated context. + * @return the updated context. */ EvaluationContext postProcess(EvaluationContext context, I invocation); diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java index fa243b0fcf..cd908d2432 100644 --- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java +++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java @@ -20,7 +20,7 @@ import org.springframework.security.acls.model.Acl; /** * Strategy used by {@link AclImpl} to determine whether a principal is permitted to call - * adminstrative methods on the AclImpl. + * administrative methods on the AclImpl. * * @author Ben Alex */ diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java index 73c1dc0366..a72d690cf5 100644 --- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java +++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java @@ -42,7 +42,7 @@ public class GrantedAuthoritySid implements Sid { public GrantedAuthoritySid(GrantedAuthority grantedAuthority) { Assert.notNull(grantedAuthority, "GrantedAuthority required"); Assert.notNull(grantedAuthority.getAuthority(), - "This Sid is only compatible with GrantedAuthoritys that provide a non-null getAuthority()"); + "This Sid is only compatible with GrantedAuthority that provide a non-null getAuthority()"); this.grantedAuthority = grantedAuthority.getAuthority(); } diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java index f8dbb687e6..69667c8933 100644 --- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java +++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java @@ -160,7 +160,7 @@ public class JdbcAclService implements AclService { this.findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL_WITH_CLASS_ID_TYPE; } else { - log.debug("Find children statement has already been overridden, so not overridding the default"); + log.debug("Find children statement has already been overridden, so not overriding the default"); } } } diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java index 9b8eb5acbc..9c22037dd9 100644 --- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java +++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java @@ -50,7 +50,7 @@ import org.springframework.util.Assert; * The default settings are for HSQLDB. If you are using a different database you will * probably need to set the {@link #setSidIdentityQuery(String) sidIdentityQuery} and * {@link #setClassIdentityQuery(String) classIdentityQuery} properties appropriately. The - * other queries, SQL inserts and updates can also be customized to accomodate schema + * other queries, SQL inserts and updates can also be customized to accommodate schema * variations, but must produce results consistent with those expected by the defaults. *

* See the appendix of the Spring Security reference manual for more information on the @@ -471,7 +471,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS this.insertClass = DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID; } else { - log.debug("Insert class statement has already been overridden, so not overridding the default"); + log.debug("Insert class statement has already been overridden, so not overriding the default"); } } } diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java index 06623db874..7df0846ea5 100644 --- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java +++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java @@ -326,7 +326,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil /** * Use this {@code RequestMatcher} to match proxy receptor requests. Without setting * this matcher, {@link CasAuthenticationFilter} will not capture any proxy receptor - * requets. + * requests. * @param proxyReceptorMatcher the {@link RequestMatcher} to use * @since 6.5 */ @@ -383,7 +383,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil } /** - * Indicates if the request is elgible to process a service ticket. This method exists + * Indicates if the request is eligible to process a service ticket. This method exists * for readability. * @param request * @param response @@ -396,7 +396,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil } /** - * Indicates if the request is elgible to process a proxy ticket. + * Indicates if the request is eligible to process a proxy ticket. * @param request * @return */ @@ -419,7 +419,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil } /** - * Indicates if the request is elgible to be processed as the proxy receptor. + * Indicates if the request is eligible to be processed as the proxy receptor. * @param request * @return */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java index 04046fea10..f96ea84080 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java +++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java @@ -177,7 +177,7 @@ public abstract class AbstractConfiguredSecurityBuilder> void setSharedObject(Class sharedType, C object); /** - * Gets a shared Object. Note that object heirarchies are not considered. + * Gets a shared Object. Note that object hierarchies are not considered. * @param sharedType the type of the shared Object * @return the shared Object or null if it is not found */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java index 063ced5e88..cdfe5728be 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java @@ -133,7 +133,7 @@ final class FilterOrderRegistration { /** * Register a {@link Filter} with its specific position. If the {@link Filter} was * already registered before, the position previously defined is not going to be - * overriden + * overridden * @param filter the {@link Filter} to register * @param position the position to associate with the {@link Filter} */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java index b70b0e19c5..f4e9cf6e9f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java @@ -305,7 +305,7 @@ public final class LogoutConfigurer> } /** - * Gets the logoutSuccesUrl or null if a + * Gets the logoutSuccessUrl or null if a * {@link #logoutSuccessHandler(LogoutSuccessHandler)} was configured. * @return the logoutSuccessUrl */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java index 4d004de46e..8e75d47e89 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java @@ -146,7 +146,7 @@ public final class SessionManagementConfigurer> /** * This should not use RequestAttributeSecurityContextRepository since that is - * stateless and sesison management is about state management. + * stateless and session management is about state management. */ private SecurityContextRepository sessionManagementSecurityContextRepository = new HttpSessionSecurityContextRepository(); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java index b53717d200..00e13a1520 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java @@ -95,7 +95,7 @@ public class Saml2MetadataConfigurer> * If there is no {@code registrationId} and your * {@link RelyingPartyRegistrationRepository} is {code Iterable}, the metadata * endpoint will try and show all relying parties' metadata in a single - * {@code * If you need a more sophisticated lookup strategy than these, use diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java index 1bff8f5dcb..a68f357fe7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java @@ -167,7 +167,7 @@ class ServerHttpSecurityConfiguration { } /** - * Applies all {@code Custmizer} Beans to + * Applies all {@code Customizer} Beans to * {@link ServerHttpSecurity}. * @param context the {@link ApplicationContext} * @param http the {@link ServerHttpSecurity} diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java index 0cc2af6779..f873b39087 100644 --- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java @@ -538,7 +538,7 @@ final class AuthenticationConfigBuilder { } injectAuthenticationDetailsSource(x509Elt, filterBuilder); filter = (RootBeanDefinition) filterBuilder.getBeanDefinition(); - createPrauthEntryPoint(x509Elt); + createPreauthEntryPoint(x509Elt); createX509Provider(); } this.x509Filter = filter; @@ -562,7 +562,7 @@ final class AuthenticationConfigBuilder { this.x509ProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(provider)); } - private void createPrauthEntryPoint(Element source) { + private void createPreauthEntryPoint(Element source) { if (this.preAuthEntryPoint == null) { this.preAuthEntryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class); this.preAuthEntryPoint.setSource(this.pc.extractSource(source)); @@ -595,7 +595,7 @@ final class AuthenticationConfigBuilder { adsBldr.addPropertyValue("mappableRolesRetriever", mappableRolesRetriever); filterBuilder.addPropertyValue("authenticationDetailsSource", adsBldr.getBeanDefinition()); filter = (RootBeanDefinition) filterBuilder.getBeanDefinition(); - createPrauthEntryPoint(jeeElt); + createPreauthEntryPoint(jeeElt); createJeeProvider(); } this.jeeFilter = filter; diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java index 1316560fe9..74bc65e05d 100644 --- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java @@ -165,20 +165,20 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser { } private RootBeanDefinition getRootBeanDefinition(String mode) { - if (isUnboundidEnabled(mode)) { + if (isUnboundIdEnabled(mode)) { return new RootBeanDefinition(UNBOUNDID_CONTAINER_CLASSNAME, null, null); } throw new IllegalStateException("Embedded LDAP server is not provided"); } private String resolveBeanId(String mode) { - if (isUnboundidEnabled(mode)) { + if (isUnboundIdEnabled(mode)) { return BeanIds.EMBEDDED_UNBOUNDID; } return null; } - private boolean isUnboundidEnabled(String mode) { + private boolean isUnboundIdEnabled(String mode) { return "unboundid".equals(mode) || unboundIdPresent; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java index 159fe17656..15fdd19522 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java @@ -1340,7 +1340,7 @@ public class AuthorizeHttpRequestsConfigurerTests { static class ServletPathConfig { @Bean - PathPatternRequestMatcherBuilderFactoryBean requesMatcherBuilder() { + PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() { PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean(); bean.setBasePath("/spring"); return bean; diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java index f63f131585..a40020722f 100644 --- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java +++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java @@ -100,7 +100,7 @@ public interface SecurityExpressionOperations { boolean isAnonymous(); /** - * Determines ifthe {@link #getAuthentication()} is authenticated + * Determines if the {@link #getAuthentication()} is authenticated * @return true if the {@link #getAuthentication()} is authenticated, else false */ boolean isAuthenticated(); diff --git a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc index d05269049a..f4766ad2a1 100644 --- a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc +++ b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc @@ -414,7 +414,7 @@ If you build your project with Maven, adding the appropriate Spring Security mod Any that are marked as "`optional`" in the Spring Security `pom.xml` files have to be added to your own `pom.xml` file if you need them. [[appendix-faq-unboundid-deps]] -=== What dependences are needed to run an embedded UnboundID LDAP server? +=== What dependencies are needed to run an embedded UnboundID LDAP server? You need to add the following dependency to your project: diff --git a/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc b/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc index 2d288f0a23..964dde0e09 100644 --- a/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc +++ b/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc @@ -399,7 +399,7 @@ Second, each xref:#httpsecuritydsl-bean[HttpSecurityDsl.() -> Unit Beans] is app This means that if there are multiple `HttpSecurity.() -> Unit` Beans, the https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/core/annotation/Order.html[@Order] annotation can be added to the Bean definitions to control the ordering. Next, every xref:#top-level-dsl-bean[Top Level Security Dsl Beans] type is looked up and each is is applied using `ObjectProvider#orderedStream()`. -If there is are differt types of top level security Beans (.e.g. `HeadersDsl.() -> Unit` and `HttpsRedirectDsl.() -> Unit`), then the order that each Dsl type is invoked is undefined. +If there is are different types of top level security Beans (.e.g. `HeadersDsl.() -> Unit` and `HttpsRedirectDsl.() -> Unit`), then the order that each Dsl type is invoked is undefined. However, the order that each instance of of the same top level security Bean type is defined by `ObjectProvider#orderedStream()` and can be controlled using `@Order` on the Bean the definitions. Finally, the `HttpSecurityDsl` Bean is injected as a Bean. diff --git a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java index 229f23ba65..5bdb2b702a 100644 --- a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java +++ b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java @@ -39,7 +39,7 @@ import org.springframework.util.Assert; * It needs a KerberosTicketValidator, which contains the code to validate * the ticket, as this code is different between SUN and IBM JRE.
* It also needs an UserDetailsService to load the user properties and the - * GrantedAuthorities, as we only get back the username from Kerbeos + * GrantedAuthorities, as we only get back the username from Kerberos *

* * You can see an example configuration in diff --git a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java index d9a9f6ad68..468fa842b7 100644 --- a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java +++ b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java @@ -31,7 +31,7 @@ public interface KerberosTicketValidator { /** * Validates a Kerberos/SPNEGO ticket. - * @param token Kerbeos/SPNEGO ticket + * @param token Kerberos/SPNEGO ticket * @return authenticated kerberos principal * @throws BadCredentialsException if the ticket is not valid */ diff --git a/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java b/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java index 018c0722ad..0abfedec3b 100644 --- a/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java +++ b/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java @@ -76,7 +76,7 @@ import org.springframework.web.filter.OncePerRequestFilter; * </sec:authentication-manager> * * <bean id="kerberosServiceAuthenticationProvider" - * class="org.springframework.security.kerberos.authenitcation.KerberosServiceAuthenticationProvider"> + * class="org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider"> * <property name="ticketValidator"> * <bean class="org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator"> * <property name="servicePrincipal" value="HTTP/web.springsource.com" /> @@ -103,7 +103,7 @@ import org.springframework.web.filter.OncePerRequestFilter; * bug. *

*

- * A workaround unti this is fixed in the JVM is to change + * A workaround until this is fixed in the JVM is to change *

* HKEY_LOCAL_MACHINE\System \CurrentControlSet\Control\LSA\SuppressExtendedProtection to * 0x02 diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java index b99bfad5f8..567550a024 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java +++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java @@ -134,9 +134,9 @@ public final class PathPatternMessageMatcher implements MessageMatcher { * The following are valid patterns and their meaning *
    *
  • {@code /path} - match exactly and only `/path`
    • - *
  • {@code /path/**} - match `/path` and any of its descendents
    • + *
  • {@code /path/**} - match `/path` and any of its descendants
    • *
  • {@code /path/{value}/**} - match `/path/subdirectory` and any of its - * descendents, capturing the value of the subdirectory in + * descendants, capturing the value of the subdirectory in * {@link MessageAuthorizationContext#getVariables()}
    • *
* @@ -169,9 +169,9 @@ public final class PathPatternMessageMatcher implements MessageMatcher { * The following are valid patterns and their meaning *
    *
  • {@code /path} - match exactly and only `/path`
    • - *
  • {@code /path/**} - match `/path` and any of its descendents
    • + *
  • {@code /path/**} - match `/path` and any of its descendants
    • *
  • {@code /path/{value}/**} - match `/path/subdirectory` and any of its - * descendents, capturing the value of the subdirectory in + * descendants, capturing the value of the subdirectory in * {@link MessageAuthorizationContext#getVariables()}
    • *
* diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java index 7eb083ca18..b768189fc2 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java @@ -48,7 +48,7 @@ public final class Saml2X509Credential implements Serializable { /** * Creates a {@link Saml2X509Credential} using the provided parameters - * @param certificate the credential's public certificiate + * @param certificate the credential's public certificate * @param types the credential's intended usages, must be one of * {@link Saml2X509CredentialType#VERIFICATION} or * {@link Saml2X509CredentialType#ENCRYPTION} or both. diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java index d6ac8d9f0b..110e496e48 100644 --- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java +++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java @@ -148,7 +148,7 @@ public final class SecurityMockMvcRequestPostProcessors { /** * Populates the provided X509Certificate instances on the request. - * @param certificates the X509Certificate instances to pouplate + * @param certificates the X509Certificate instances to populate * @return the * {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use. */ @@ -157,7 +157,7 @@ public final class SecurityMockMvcRequestPostProcessors { } /** - * Finds an X509Cetificate using a resoureName and populates it on the request. + * Finds an X509Certificate using a resourceName and populates it on the request. * @param resourceName the name of the X509Certificate resource * @return the * {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use. diff --git a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java index 7552458795..55d91cdb07 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java @@ -38,7 +38,7 @@ interface EvaluationContextPostProcessor { * that was passed in. * @param context the original {@link EvaluationContext} * @param invocation the security invocation object (i.e. FilterInvocation) - * @return the upated context. + * @return the updated context. */ EvaluationContext postProcess(EvaluationContext context, I invocation); diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java index 7d97500b6f..f67dfd53d2 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java @@ -133,8 +133,8 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups return new ArrayList<>(groups); } catch (Exception ex) { - logger.error("Exception occured while looking up groups for user", ex); - throw new RuntimeException("Exception occured while looking up groups for user", ex); + logger.error("Exception occurred while looking up groups for user", ex); + throw new RuntimeException("Exception occurred while looking up groups for user", ex); } finally { closeContext(context); @@ -148,7 +148,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups } } catch (NamingException ex) { - logger.debug("Exception occured while closing context", ex); + logger.debug("Exception occurred while closing context", ex); } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java index 49ad13b881..d54bfc0bbb 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java @@ -164,7 +164,7 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements * Called if the {@code AuthenticationManager} rejects the authentication object * returned from the {@code RememberMeServices} {@code autoLogin} method. This method * will not be called when no remember-me token is present in the request and - * {@code autoLogin} reurns null. + * {@code autoLogin} returns {@code null}. */ protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) { @@ -184,7 +184,7 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements * successfully authenticated. By default, the filter will just allow the current * request to proceed, but if an {@code AuthenticationSuccessHandler} is set, it will * be invoked and the {@code doFilter()} method will return immediately, thus allowing - * the application to redirect the user to a specific URL, regardless of whatthe + * the application to redirect the user to a specific URL, regardless of what the * original request was for. * @param successHandler the strategy to invoke immediately before returning from * {@code doFilter()}. diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java index 834c455b5c..6907cd6959 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java @@ -100,7 +100,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository * @param sessionAttributeName the new attribute name to use */ public void setSessionAttributeName(String sessionAttributeName) { - Assert.hasLength(sessionAttributeName, "sessionAttributename cannot be null or empty"); + Assert.hasLength(sessionAttributeName, "sessionAttributeName cannot be null or empty"); this.sessionAttributeName = sessionAttributeName; } diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java index b1bcd907fc..89a556d398 100644 --- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java +++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java @@ -799,17 +799,17 @@ public class StrictHttpFirewall implements HttpFirewall { @Override public Enumeration getParameterNames() { - Enumeration paramaterNames = super.getParameterNames(); + Enumeration parameterNames = super.getParameterNames(); return new Enumeration<>() { @Override public boolean hasMoreElements() { - return paramaterNames.hasMoreElements(); + return parameterNames.hasMoreElements(); } @Override public String nextElement() { - String name = paramaterNames.nextElement(); + String name = parameterNames.nextElement(); validateAllowedParameterName(name); return name; } diff --git a/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java index a6dab3bdb4..cae663c8b5 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java @@ -25,7 +25,7 @@ import org.springframework.util.Assert; /** * Provides support for - * Permisisons Policy. + * Permissions Policy. *

* Permissions Policy allows web developers to selectively enable, disable, and modify the * behavior of certain APIs and web features in the browser. diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java index a3dd778843..51fbf2e2bc 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java @@ -23,7 +23,7 @@ import org.springframework.util.Assert; /** * Implementation which uses a regular expression to validate the supplied origin. If the * value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM - * <paramter-value>. + * <parameter-value>. * * @author Marten Deinum * @since 3.2 diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java index 9c0d0dbf23..cf03518387 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java @@ -141,7 +141,7 @@ public final class FastHttpDateFormat { * Parses date with given formatters. * @param value The string to parse * @param formats Array of formats to use - * @return Parsed date (or null if no formatter mached) + * @return Parsed date (or null if no formatter matched) */ private static @Nullable Long internalParseDate(String value, DateFormat[] formats) { Date date = null; diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java index c7a2b45bcf..6b13beb924 100644 --- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java @@ -268,9 +268,9 @@ public final class PathPatternRequestMatcher implements RequestMatcher { * The following are valid patterns and their meaning *

    *
  • {@code /path} - match exactly and only `/path`
    • - *
  • {@code /path/**} - match `/path` and any of its descendents
    • + *
  • {@code /path/**} - match `/path` and any of its descendants
    • *
  • {@code /path/{value}/**} - match `/path/subdirectory` and any of its - * descendents, capturing the value of the subdirectory in + * descendants, capturing the value of the subdirectory in * {@link RequestAuthorizationContext#getVariables()}
    • *
* @@ -303,9 +303,9 @@ public final class PathPatternRequestMatcher implements RequestMatcher { * The following are valid patterns and their meaning *
    *
  • {@code /path} - match exactly and only `/path`
    • - *
  • {@code /path/**} - match `/path` and any of its descendents
    • + *
  • {@code /path/**} - match `/path` and any of its descendants
    • *
  • {@code /path/{value}/**} - match `/path/subdirectory` and any of its - * descendents, capturing the value of the subdirectory in + * descendants, capturing the value of the subdirectory in * {@link RequestAuthorizationContext#getVariables()}
    • *
* diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java index 72d788924e..700d97a711 100755 --- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java +++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java @@ -72,8 +72,7 @@ public class ThrowableAnalyzer { }; /** - * Map of registered cause extractors. key: Class<Throwable>; value: - * ThrowableCauseExctractor + * Map of registered cause extractors. key: Class<Throwable>; value: ThrowableCauseExtractor */ private final Map, ThrowableCauseExtractor> extractorMap; diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java index 099caea7a5..2298a51b48 100644 --- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java +++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java @@ -87,7 +87,7 @@ public final class UrlUtils { * (SEC-1255). This method is typically used to return a URL for matching against * secured paths, hence the decoded form is used in preference to the requestURI for * building the returned value. But this method may also be called using dummy request - * objects which just have the requestURI and contextPatth set, for example, so it + * objects which just have the requestURI and contextPath set, for example, so it * will fall back to using those. * @return the decoded URL, excluding any server name, context path or servlet path * diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java index 61dc404e84..03b95a2e00 100644 --- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java +++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java @@ -38,7 +38,7 @@ public class HttpSessionEventPublisherTests { * It's not that complicated so we'll just run it straight through here. */ @Test - public void publishedEventIsReceivedbyListener() { + public void publishedEventIsReceivedByListener() { HttpSessionEventPublisher publisher = new HttpSessionEventPublisher(); StaticWebApplicationContext context = new StaticWebApplicationContext(); MockServletContext servletContext = new MockServletContext(); @@ -66,7 +66,7 @@ public class HttpSessionEventPublisherTests { } @Test - public void publishedEventIsReceivedbyListenerChildContext() { + public void publishedEventIsReceivedByListenerChildContext() { HttpSessionEventPublisher publisher = new HttpSessionEventPublisher(); StaticWebApplicationContext context = new StaticWebApplicationContext(); MockServletContext servletContext = new MockServletContext(); diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java index 21c769b17c..7611e5f06c 100644 --- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java +++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java @@ -71,7 +71,7 @@ public interface CredentialRecord { /** * The transpots + * "https://www.w3.org/TR/webauthn-3/#abstract-opdef-credential-record-transports">transports * is the value returned from {@code response.getTransports()}. * @return */ diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java index 438a169d1f..fa8cc99663 100644 --- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java +++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java @@ -203,7 +203,7 @@ public final class PublicKeyCredential implemen /** * Sets the {@link #getAuthenticatorAttachment()} property. - * @param authenticatorAttachment the authenticator attachement + * @param authenticatorAttachment the authenticator attachment * @return the PublicKeyCredentialBuilder */ public PublicKeyCredentialBuilder authenticatorAttachment(AuthenticatorAttachment authenticatorAttachment) { diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java index 5e5c0ccacb..0bba299b39 100644 --- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java +++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java @@ -105,7 +105,7 @@ public final class PublicKeyCredentialCreationOptions { /** * The publicKeyCredParams - * params lisst the key types and signature algorithms the Relying Party Supports, + * params list the key types and signature algorithms the Relying Party Supports, * ordered from most preferred to least preferred. * @return the public key credential parameters */ diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java index 370c3b6a93..b3f9f216a0 100644 --- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java +++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java @@ -19,7 +19,7 @@ package org.springframework.security.web.webauthn.api; /** * The ResidentKeyRequirement - * describes the Relying Partys requirements for client-side discoverable credentials. + * describes the Relying Party requirements for client-side discoverable credentials. * * @author Rob Winch * @since 6.4