IDEA inspection refactorings.

acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java

@@ -145,11 +145,7 @@ public class AclEntryVoter extends AbstractAclVoter {
     }
 
     public boolean supports(ConfigAttribute attribute) {
-        if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
+        return (attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute());
-            return true;
-        } else {
-            return false;
-        }
     }
 
     public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
@@ -177,7 +173,7 @@ public class AclEntryVoter extends AbstractAclVoter {
                 try {
                     Class<?> clazz = domainObject.getClass();
                     Method method = clazz.getMethod(internalMethod, new Class[0]);
-                    domainObject = method.invoke(domainObject, new Object[0]);
+                    domainObject = method.invoke(domainObject);
                 } catch (NoSuchMethodException nsme) {
                     throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
                         + "' does not provide the requested internalMethod: " + internalMethod);

acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java

@@ -34,7 +34,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 
     private final Log logger = LogFactory.getLog(getClass());
 
-    private AclService aclService;
+    private final AclService aclService;
     private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
     private ObjectIdentityGenerator objectIdentityGenerator = new ObjectIdentityRetrievalStrategyImpl();
     private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
@@ -117,7 +117,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 
         if (permission instanceof String) {
             String permString = (String)permission;
-            Permission p = null;
+            Permission p;
 
             try {
                 p = permissionFactory.buildFromName(permString);

acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java

@@ -43,12 +43,12 @@ import org.springframework.util.Assert;
 public abstract class AbstractAclProvider implements AfterInvocationProvider {
     //~ Instance fields ================================================================================================
 
-    protected AclService aclService;
+    protected final AclService aclService;
     protected Class<?> processDomainObjectClass = Object.class;
     protected ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
     protected SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
     protected String processConfigAttribute;
-    protected List<Permission> requirePermission = Arrays.asList(BasePermission.READ);
+    protected final List<Permission> requirePermission;
 
     //~ Constructors ===================================================================================================
 
@@ -78,11 +78,9 @@ public abstract class AbstractAclProvider implements AfterInvocationProvider {
         // Obtain the SIDs applicable to the principal
         List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
 
-        Acl acl = null;
-
         try {
             // Lookup only ACLs for SIDs we're interested in
-            acl = aclService.readAclById(objectIdentity, sids);
+            Acl acl = aclService.readAclById(objectIdentity, sids);
 
             return acl.isGranted(requirePermission, sids, false);
         } catch (NotFoundException ignore) {

acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java

@@ -95,7 +95,7 @@ class ArrayFilterer<T> implements Filterer<T> {
             }
 
             public T next() {
-                if (hasNext() == false) {
+                if (!hasNext()) {
                     throw new NoSuchElementException();
                 }
                 return list[index++];

acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java

@@ -37,12 +37,9 @@ class CollectionFilterer<T> implements Filterer<T> {
 
     //~ Instance fields ================================================================================================
 
-    private Collection<T> collection;
+    private final Collection<T> collection;
 
-    // collectionIter offers significant performance optimisations (as
+    private final Set<T> removeList;
-    // per security-developer mailing list conversation 19/5/05)
-    private Iterator<T> collectionIter;
-    private Set<T> removeList;
 
     //~ Constructors ===================================================================================================
 
@@ -88,9 +85,7 @@ class CollectionFilterer<T> implements Filterer<T> {
      * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
      */
     public Iterator<T> iterator() {
-        collectionIter = collection.iterator();
+        return collection.iterator();
-
-        return collectionIter;
     }
 
     /**

acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java

@@ -12,7 +12,7 @@ public abstract class AbstractPermission implements Permission {
 
     //~ Instance fields ================================================================================================
 
-    protected char code;
+    protected final char code;
     protected int mask;
 
     //~ Constructors ===================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java

@@ -33,13 +33,13 @@ import java.io.Serializable;
 public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
     //~ Instance fields ================================================================================================
 
-    private Acl acl;
+    private final Acl acl;
     private Permission permission;
-    private Serializable id;
+    private final Serializable id;
-    private Sid sid;
+    private final Sid sid;
     private boolean auditFailure = false;
     private boolean auditSuccess = false;
-    private boolean granting;
+    private final boolean granting;
 
     //~ Constructors ===================================================================================================
 

acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java

@@ -41,9 +41,9 @@ import org.springframework.util.Assert;
 public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
     //~ Instance fields ================================================================================================
 
-    private GrantedAuthority gaGeneralChanges;
+    private final GrantedAuthority gaGeneralChanges;
-    private GrantedAuthority gaModifyAuditing;
+    private final GrantedAuthority gaModifyAuditing;
-    private GrantedAuthority gaTakeOwnership;
+    private final GrantedAuthority gaTakeOwnership;
     private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
 
     //~ Constructors ===================================================================================================
@@ -84,7 +84,7 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
         }
 
         // Not authorized by ACL ownership; try via adminstrative permissions
-        GrantedAuthority requiredAuthority = null;
+        GrantedAuthority requiredAuthority;
 
         if (changeType == CHANGE_AUDITING) {
             requiredAuthority = this.gaModifyAuditing;

acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java

@@ -43,7 +43,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
     private Acl parentAcl;
     private transient AclAuthorizationStrategy aclAuthorizationStrategy;
     private transient PermissionGrantingStrategy permissionGrantingStrategy;
-    private List<AccessControlEntry> aces = new ArrayList<AccessControlEntry>();
+    private final List<AccessControlEntry> aces = new ArrayList<AccessControlEntry>();
     private ObjectIdentity objectIdentity;
     private Serializable id;
     private Sid owner; // OwnershipAcl

acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java

@@ -64,18 +64,19 @@ public class DefaultPermissionFactory implements PermissionFactory {
 
         Field[] fields = clazz.getFields();
 
-        for (int i = 0; i < fields.length; i++) {
+        for (Field field : fields) {
             try {
-                Object fieldValue = fields[i].get(null);
+                Object fieldValue = field.get(null);
 
                 if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
                     // Found a Permission static field
                     Permission perm = (Permission) fieldValue;
-                    String permissionName = fields[i].getName();
+                    String permissionName = field.getName();
 
                     registerPermission(perm, permissionName);
                 }
-            } catch (Exception ignore) {}
+            } catch (Exception ignore) {
+            }
         }
     }
 

acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java

@@ -12,7 +12,7 @@ import org.springframework.util.Assert;
 
 public class DefaultPermissionGrantingStrategy implements PermissionGrantingStrategy {
 
-    private transient AuditLogger auditLogger;
+    private final transient AuditLogger auditLogger;
 
     /**
      * Creates an instance with the logger which will be used to record granting and denial of requested permissions.

acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java

@@ -40,7 +40,7 @@ import org.springframework.util.Assert;
 public class EhCacheBasedAclCache implements AclCache {
     //~ Instance fields ================================================================================================
 
-    private Ehcache cache;
+    private final Ehcache cache;
     private PermissionGrantingStrategy permissionGrantingStrategy;
     private AclAuthorizationStrategy aclAuthorizationStrategy;
 

acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java

@@ -30,7 +30,7 @@ import org.springframework.util.Assert;
 public class GrantedAuthoritySid implements Sid {
     //~ Instance fields ================================================================================================
 
-    private String grantedAuthority;
+    private final String grantedAuthority;
 
     //~ Constructors ===================================================================================================
 

acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java

@@ -78,7 +78,7 @@ public class ObjectIdentityImpl implements ObjectIdentity {
 
         try {
             Method method = typeClass.getMethod("getId", new Class[] {});
-            result = method.invoke(object, new Object[] {});
+            result = method.invoke(object);
         } catch (Exception e) {
             throw new IdentityUnavailableException("Could not extract identity from object " + object, e);
         }

acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java

@@ -32,7 +32,7 @@ import org.springframework.util.Assert;
 public class PrincipalSid implements Sid {
     //~ Instance fields ================================================================================================
 
-    private String principal;
+    private final String principal;
 
     //~ Constructors ===================================================================================================
 

acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java

@@ -107,11 +107,11 @@ public final class BasicLookupStrategy implements LookupStrategy {
 
     //~ Instance fields ================================================================================================
 
-    private AclAuthorizationStrategy aclAuthorizationStrategy;
+    private final AclAuthorizationStrategy aclAuthorizationStrategy;
     private PermissionFactory permissionFactory = new DefaultPermissionFactory();
-    private AclCache aclCache;
+    private final AclCache aclCache;
-    private PermissionGrantingStrategy grantingStrategy;
+    private final PermissionGrantingStrategy grantingStrategy;
-    private JdbcTemplate jdbcTemplate;
+    private final JdbcTemplate jdbcTemplate;
     private int batchSize = 50;
 
     private final Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
@@ -476,8 +476,8 @@ public final class BasicLookupStrategy implements LookupStrategy {
     //~ Inner Classes ==================================================================================================
 
     private class ProcessResultSet implements ResultSetExtractor<Set<Long>> {
-        private Map<Serializable, Acl> acls;
+        private final Map<Serializable, Acl> acls;
-        private List<Sid> sids;
+        private final List<Sid> sids;
 
         public ProcessResultSet(Map<Serializable, Acl> acls, List<Sid> sids) {
             Assert.notNull(acls, "ACLs cannot be null");
@@ -603,7 +603,7 @@ public final class BasicLookupStrategy implements LookupStrategy {
     }
 
     private class StubAclParent implements Acl {
-        private Long id;
+        private final Long id;
 
         public StubAclParent(Long id) {
             this.id = id;

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java

@@ -56,8 +56,8 @@ public class JdbcAclService implements AclService {
 
     //~ Instance fields ================================================================================================
 
-    protected JdbcTemplate jdbcTemplate;
+    protected final JdbcTemplate jdbcTemplate;
-    private LookupStrategy lookupStrategy;
+    private final LookupStrategy lookupStrategy;
     private String findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL;
 
     //~ Constructors ===================================================================================================
@@ -109,10 +109,9 @@ public class JdbcAclService implements AclService {
         Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids);
 
         // Check every requested object identity was found (throw NotFoundException if needed)
-        for (int i = 0; i < objects.size(); i++) {
+        for (ObjectIdentity oid : objects) {
-            if (!result.containsKey(objects.get(i))) {
+            if (!result.containsKey(oid)) {
-                throw new NotFoundException("Unable to find ACL information for object identity '"
+                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
-                    + objects.get(i) + "'");
             }
         }
 

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java

@@ -61,7 +61,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
     //~ Instance fields ================================================================================================
 
     private boolean foreignKeysInDatabase = true;
-    private AclCache aclCache;
+    private final AclCache aclCache;
     private String deleteEntryByObjectIdentityForeignKey = "delete from acl_entry where acl_object_identity=?";
     private String deleteObjectIdentityByPrimaryKey = "delete from acl_object_identity where id=?";
     private String classIdentityQuery = "call identity()";
@@ -194,7 +194,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
     protected Long createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
         Assert.notNull(sid, "Sid required");
 
-        String sidName = null;
+        String sidName;
         boolean sidIsPrincipal = true;
 
         if (sid instanceof PrincipalSid) {
@@ -214,7 +214,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
         }
 
         if (allowCreate) {
-            jdbcTemplate.update(insertSid, new Object[] {Boolean.valueOf(sidIsPrincipal), sidName});
+            jdbcTemplate.update(insertSid, Boolean.valueOf(sidIsPrincipal), sidName);
             Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
             return new Long(jdbcTemplate.queryForLong(sidIdentityQuery));
         }
@@ -229,8 +229,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
         if (deleteChildren) {
             List<ObjectIdentity> children = findChildren(objectIdentity);
             if (children != null) {
-                for (int i = 0; i < children.size(); i++) {
+                for (ObjectIdentity child : children) {
-                    deleteAcl(children.get(i), true);
+                    deleteAcl(child, true);
                 }
             }
         } else {
@@ -263,8 +263,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
      * @param oidPrimaryKey the rows in acl_entry to delete
      */
     protected void deleteEntries(Long oidPrimaryKey) {
-        jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey,
+        jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey, oidPrimaryKey);
-                new Object[] {oidPrimaryKey});
     }
 
     /**
@@ -277,7 +276,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
      */
     protected void deleteObjectIdentity(Long oidPrimaryKey) {
         // Delete the acl_object_identity row
-        jdbcTemplate.update(deleteObjectIdentityByPrimaryKey, new Object[] {oidPrimaryKey});
+        jdbcTemplate.update(deleteObjectIdentityByPrimaryKey, oidPrimaryKey);
     }
 
     /**
@@ -291,8 +290,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
      */
     protected Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid) {
         try {
-            return new Long(jdbcTemplate.queryForLong(selectObjectIdentityPrimaryKey,
+            return new Long(jdbcTemplate.queryForLong(selectObjectIdentityPrimaryKey, oid.getType(), oid.getIdentifier()));
-                    new Object[] {oid.getType(), oid.getIdentifier()}));
         } catch (DataAccessException notFound) {
             return null;
         }
@@ -326,8 +324,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
         Assert.notNull(objectIdentity, "ObjectIdentity required");
         List<ObjectIdentity> children = findChildren(objectIdentity);
         if (children != null) {
-            for (int i = 0; i < children.size(); i++) {
+            for (ObjectIdentity child : children) {
-                clearCacheIncludingChildren(children.get(i));
+                clearCacheIncludingChildren(child);
             }
         }
         aclCache.evictFromCache(objectIdentity);
@@ -356,7 +354,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 
         Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
         int count = jdbcTemplate.update(updateObjectIdentity,
-                new Object[] {parentId, ownerSid, new Boolean(acl.isEntriesInheriting()), acl.getId()});
+                parentId, ownerSid, Boolean.valueOf(acl.isEntriesInheriting()), acl.getId());
 
         if (count != 1) {
             throw new NotFoundException("Unable to locate ACL to update");

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java

@@ -53,7 +53,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
 
     private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService;
 
-    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+    private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache();
     private String key;
@@ -194,7 +194,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
         this.ticketValidator = ticketValidator;
     }
 
-    public boolean supports(final Class<? extends Object> authentication) {
+    public boolean supports(final Class<?> authentication) {
         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication)) ||
            (CasAuthenticationToken.class.isAssignableFrom(authentication)) ||
            (CasAssertionAuthenticationToken.class.isAssignableFrom(authentication));

cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java

@@ -36,7 +36,7 @@ public final class GrantedAuthorityFromAssertionAttributesUserDetailsService ext
 
     private static final String NON_EXISTENT_PASSWORD_VALUE = "NO_PASSWORD";
 
-    private String[] attributes;
+    private final String[] attributes;
 
     private boolean convertToUpperCase = true;
 

config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java

@@ -128,7 +128,7 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
             return null;
         }
 
-        public boolean supports(Class<? extends Object> authentication) {
+        public boolean supports(Class<?> authentication) {
             return false;
         }
     }

config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java

@@ -18,7 +18,7 @@ import org.w3c.dom.Element;
  * @author Luke Taylor
  */
 public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser {
-    private static String ATT_USER_DETAILS_REF = "user-service-ref";
+    private static final String ATT_USER_DETAILS_REF = "user-service-ref";
 
     public BeanDefinition parse(Element element, ParserContext pc) {
         RootBeanDefinition authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);

config/src/main/java/org/springframework/security/config/authentication/CachingUserDetailsService.java

@@ -13,7 +13,7 @@ import org.springframework.util.Assert;
  */
 public class CachingUserDetailsService implements UserDetailsService {
     private UserCache userCache = new NullUserCache();
-    private UserDetailsService delegate;
+    private final UserDetailsService delegate;
 
     CachingUserDetailsService(UserDetailsService delegate) {
         this.delegate = delegate;

config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java

@@ -55,7 +55,7 @@ public class PasswordEncoderParser {
         ENCODER_CLASSES.put(OPT_HASH_LDAP_SSHA, LdapShaPasswordEncoder.class);
     }
 
-    private static Log logger = LogFactory.getLog(PasswordEncoderParser.class);
+    private static final Log logger = LogFactory.getLog(PasswordEncoderParser.class);
 
     private BeanMetadataElement passwordEncoder;
     private BeanMetadataElement saltSource;
@@ -69,7 +69,7 @@ public class PasswordEncoderParser {
         boolean useBase64 = false;
 
         if (StringUtils.hasText(element.getAttribute(ATT_BASE_64))) {
-            useBase64 = new Boolean(element.getAttribute(ATT_BASE_64)).booleanValue();
+            useBase64 = Boolean.valueOf(element.getAttribute(ATT_BASE_64)).booleanValue();
         }
 
         String ref = element.getAttribute(ATT_REF);

config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java

@@ -65,8 +65,8 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 
         ManagedList<BeanDefinition> users = new ManagedList<BeanDefinition>();
 
-        for (Iterator i = userElts.iterator(); i.hasNext();) {
+        for (Object elt : userElts) {
-            Element userElt = (Element) i.next();
+            Element userElt = (Element) elt;
             String userName = userElt.getAttribute(ATT_NAME);
             String password = userElt.getAttribute(ATT_PASSWORD);
 

config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -72,8 +72,8 @@ final class AuthenticationConfigBuilder {
 
     private static final String ATT_USER_SERVICE_REF = "user-service-ref";
 
-    private Element httpElt;
+    private final Element httpElt;
-    private ParserContext pc;
+    private final ParserContext pc;
 
     private final boolean autoConfig;
     private final boolean allowSessionCreation;
@@ -90,21 +90,18 @@ final class AuthenticationConfigBuilder {
     private RootBeanDefinition openIDFilter;
     private BeanDefinition openIDEntryPoint;
     private BeanReference openIDProviderRef;
-    private String openIDProviderId;
     private String formFilterId = null;
     private String openIDFilterId = null;
     private BeanDefinition x509Filter;
     private BeanReference x509ProviderRef;
-    private String x509ProviderId;
     private BeanDefinition jeeFilter;
     private BeanReference jeeProviderRef;
     private RootBeanDefinition preAuthEntryPoint;
-    private String jeeProviderId;
 
     private BeanDefinition logoutFilter;
     private BeanDefinition loginPageGenerationFilter;
     private BeanDefinition etf;
-    private BeanReference requestCache;
+    private final BeanReference requestCache;
 
     final SecureRandom random;
 
@@ -282,8 +279,7 @@ final class AuthenticationConfigBuilder {
         openIDProviderBuilder.addPropertyValue("authenticationUserDetailsService", uds);
 
         BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
-        openIDProviderId = pc.getReaderContext().registerWithGeneratedName(openIDProvider);
+        openIDProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(openIDProvider));
-        openIDProviderRef = new RuntimeBeanReference(openIDProviderId);
     }
 
     private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) {
@@ -363,8 +359,7 @@ final class AuthenticationConfigBuilder {
 
         provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
 
-        x509ProviderId = pc.getReaderContext().registerWithGeneratedName(provider);
+        x509ProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(provider));
-        x509ProviderRef = new RuntimeBeanReference(x509ProviderId);
     }
 
     private void createPrauthEntryPoint(Element source) {
@@ -424,8 +419,7 @@ final class AuthenticationConfigBuilder {
 
         provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", uds);
 
-        jeeProviderId = pc.getReaderContext().registerWithGeneratedName(provider);
+        jeeProviderRef = new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(provider));
-        jeeProviderRef = new RuntimeBeanReference(jeeProviderId);
     }
 
     void createLoginPageFilterIfNeeded() {

config/src/main/java/org/springframework/security/config/http/ChannelAttributeFactory.java

@@ -18,8 +18,8 @@ public class ChannelAttributeFactory {
     private static final String OPT_REQUIRES_HTTPS = "https";
     private static final String OPT_ANY_CHANNEL = "any";
 
-    public static final List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
+    public static List<ConfigAttribute> createChannelAttributes(String requiredChannel) {
-        String channelConfigAttribute = null;
+        String channelConfigAttribute;
 
         if (requiredChannel.equals(OPT_REQUIRES_HTTPS)) {
             channelConfigAttribute = "REQUIRES_SECURE_CHANNEL";

config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java

@@ -24,7 +24,7 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
 import org.springframework.security.web.session.SessionManagementFilter;
 
 public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator {
-    private Log logger = LogFactory.getLog(getClass());
+    private final Log logger = LogFactory.getLog(getClass());
 
     public void validate(FilterChainProxy fcp) {
         for(List<Filter> filters : fcp.getFilterChainMap().values()) {

config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java

@@ -58,8 +58,8 @@ public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDeco
                 String[] filterBeanNames = StringUtils.tokenizeToStringArray(filters, ",");
                 ManagedList filterChain = new ManagedList(filterBeanNames.length);
 
-                for (int i=0; i < filterBeanNames.length; i++) {
+                for (String name : filterBeanNames) {
-                    filterChain.add(new RuntimeBeanReference(filterBeanNames[i]));
+                    filterChain.add(new RuntimeBeanReference(name));
                 }
 
                 filterChainMap.put(matcher, filterChain);

config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -95,7 +95,7 @@ class HttpConfigurationBuilder {
     private BeanReference sessionStrategyRef;
     private RootBeanDefinition sfpf;
     private BeanDefinition servApiFilter;
-    private String portMapperName;
+    private final String portMapperName;
     private BeanReference fsi;
     private BeanReference requestCache;
 

config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java

@@ -54,12 +54,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     private static final String ATT_REF = "ref";
     private static final String ATT_SECURED = "security";
     private static final String OPT_SECURITY_NONE = "none";
-    private static final String OPT_SECURITY_CONTEXT_ONLY = "contextOnly";
-
-    static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
-    static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler";
-
-    static final List<BeanMetadataElement> NO_FILTERS = Collections.emptyList();
 
     public HttpSecurityBeanDefinitionParser() {
     }
@@ -118,13 +112,13 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                 return Collections.emptyList();
             }
 
-            
+
         }
 
         final String portMapperName = createPortMapper(element, pc);
 
         ManagedList<BeanReference> authenticationProviders = new ManagedList<BeanReference>();
-        BeanReference authenticationManager = createAuthenticationManager(element, pc, authenticationProviders, null);
+        BeanReference authenticationManager = createAuthenticationManager(element, pc, authenticationProviders);
 
         HttpConfigurationBuilder httpBldr = new HttpConfigurationBuilder(element, pc, matcherType,
                 portMapperName, authenticationManager);
@@ -172,7 +166,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
      * authentication manager.
      */
     private BeanReference createAuthenticationManager(Element element, ParserContext pc,
-            ManagedList<BeanReference> authenticationProviders, BeanReference concurrencyController) {
+            ManagedList<BeanReference> authenticationProviders) {
         BeanDefinitionBuilder authManager = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
         authManager.addPropertyValue("parent", new RootBeanDefinition(AuthenticationManagerFactoryBean.class));
         authManager.addPropertyValue("providers", authenticationProviders);
@@ -181,9 +175,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         clearCredentials.getPropertyValues().addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication");
         authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials);
 
-        if (concurrencyController != null) {
-            authManager.addPropertyValue("sessionController", concurrencyController);
-        }
         authManager.getRawBeanDefinition().setSource(pc.extractSource(element));
         BeanDefinition authMgrBean = authManager.getBeanDefinition();
         String id = pc.getReaderContext().generateBeanName(authMgrBean);
@@ -291,8 +282,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 }
 
 class OrderDecorator implements Ordered {
-    BeanMetadataElement bean;
+    final BeanMetadataElement bean;
-    int order;
+    final int order;
 
     public OrderDecorator(BeanMetadataElement bean, SecurityFilters filterOrder) {
         this.bean = bean;

config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java

@@ -26,7 +26,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
     static final String DEF_LOGOUT_URL = "/j_spring_security_logout";
     static final String ATT_LOGOUT_HANDLER = "success-handler-ref";
 
-    String rememberMeServices;
+    final String rememberMeServices;
 
     public LogoutBeanDefinitionParser(String rememberMeServices) {
         this.rememberMeServices = rememberMeServices;

config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java

@@ -15,8 +15,8 @@ abstract class WebConfigUtils {
     public static int countNonEmpty(String[] objects) {
         int nonNulls = 0;
 
-        for (int i = 0; i < objects.length; i++) {
+        for (String object : objects) {
-            if (StringUtils.hasText(objects[i])) {
+            if (StringUtils.hasText(object)) {
                 nonNulls++;
             }
         }

config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java

@@ -20,7 +20,7 @@ import org.w3c.dom.Element;
  * @since 2.0
  */
 public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
-    private Log logger = LogFactory.getLog(getClass());
+    private final Log logger = LogFactory.getLog(getClass());
 
     private static final String ATT_USER_DN_PATTERN = "user-dn-pattern";
     private static final String ATT_USER_PASSWORD = "password-attribute";
@@ -81,7 +81,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
                     parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP",
                             passwordEncoderElement);
                 }
-            } else if (StringUtils.hasText(hash)) {;
+            } else if (StringUtils.hasText(hash)) {
                 authenticatorBuilder.addPropertyValue("passwordEncoder",
                         PasswordEncoderParser.createPasswordEncoderBeanDefinition(hash, false));
             }

config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java

@@ -315,7 +315,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
         }
 
         if (!afterInvocationProviders.isEmpty()) {
-            BeanDefinition afterInvocationManager = null;
+            BeanDefinition afterInvocationManager;
             afterInvocationManager = new RootBeanDefinition(AfterInvocationProviderManager.class);
             afterInvocationManager.getPropertyValues().addPropertyValue("providers", afterInvocationProviders);
             bldr.addPropertyValue("afterInvocationManager", afterInvocationManager);

config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java

@@ -29,7 +29,7 @@ import org.w3c.dom.Node;
  *
  */
 public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDecorator {
-    private BeanDefinitionDecorator delegate = new InternalInterceptMethodsBeanDefinitionDecorator();
+    private final BeanDefinitionDecorator delegate = new InternalInterceptMethodsBeanDefinitionDecorator();
 
     public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) {
         MethodConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext);
@@ -66,7 +66,6 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
         // Lookup parent bean information
         Element parent = (Element) node.getParentNode();
         String parentBeanClass = parent.getAttribute("class");
-        parent = null;
 
         // Parse the included methods
         List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);

config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java

@@ -50,10 +50,10 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 
     private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);
 
-    private Map<String,List<ConfigAttribute>> pointcutMap = new LinkedHashMap<String,List<ConfigAttribute>>();
+    private final Map<String,List<ConfigAttribute>> pointcutMap = new LinkedHashMap<String,List<ConfigAttribute>>();
-    private MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource;
+    private final MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource;
-    private Set<PointcutExpression> pointCutExpressions = new LinkedHashSet<PointcutExpression>();
+    private final Set<PointcutExpression> pointCutExpressions = new LinkedHashSet<PointcutExpression>();
-    private PointcutParser parser;
+    private final PointcutParser parser;
 
     public ProtectPointcutPostProcessor(MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource) {
         Assert.notNull(mapBasedMethodSecurityMetadataSource, "MapBasedMethodSecurityMetadataSource to populate is required");
@@ -88,10 +88,10 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor {
         }
 
         // Check to see if any of those methods are compatible with our pointcut expressions
-        for (int i = 0; i < methods.length; i++) {
+        for (Method method : methods) {
             for (PointcutExpression expression : pointCutExpressions) {
                 // Try for the bean class directly
-                if (attemptMatch(bean.getClass(), methods[i], expression, beanName)) {
+                if (attemptMatch(bean.getClass(), method, expression, beanName)) {
                     // We've found the first expression that matches this method, so move onto the next method now
                     break; // the "while" loop, not the "for" loop
                 }

core/src/main/java/org/springframework/security/access/SecurityConfig.java

@@ -29,7 +29,7 @@ import org.springframework.util.StringUtils;
 public class SecurityConfig implements ConfigAttribute {
     //~ Instance fields ================================================================================================
 
-    private String attrib;
+    private final String attrib;
 
     //~ Constructors ===================================================================================================
 
@@ -62,15 +62,15 @@ public class SecurityConfig implements ConfigAttribute {
         return this.attrib;
     }
 
-    public final static List<ConfigAttribute> createListFromCommaDelimitedString(String access) {
+    public static List<ConfigAttribute> createListFromCommaDelimitedString(String access) {
         return createList(StringUtils.commaDelimitedListToStringArray(access));
     }
 
-    public final static List<ConfigAttribute> createSingleAttributeList(String access) {
+    public static List<ConfigAttribute> createSingleAttributeList(String access) {
         return createList(access);
     }
 
-    public final static List<ConfigAttribute> createList(String... attributeNames) {
+    public static List<ConfigAttribute> createList(String... attributeNames) {
         Assert.notNull(attributeNames, "You must supply an array of attribute names");
         List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeNames.length);
 

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRootPropertyAccessor.java

@@ -8,7 +8,7 @@ import org.springframework.expression.TypedValue;
 
 @SuppressWarnings("unchecked")
 public final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
-    public Class[] CLASSES = {SecurityExpressionRoot.class};
+    public final Class[] CLASSES = {SecurityExpressionRoot.class};
 
     public boolean canRead(EvaluationContext context, Object target, String name) throws AccessException {
         ApplicationContext ctx = ((SecurityExpressionRoot)target).getApplicationContext();

core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java

@@ -44,7 +44,7 @@ public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExp
     private PermissionCacheOptimizer permissionCacheOptimizer = null;
     private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
     private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor();
-    private ExpressionParser expressionParser = new SpelExpressionParser();
+    private final ExpressionParser expressionParser = new SpelExpressionParser();
     private RoleHierarchy roleHierarchy;
     private ApplicationContext applicationContext;
 
@@ -127,11 +127,11 @@ public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExp
                 permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), Arrays.asList(array));
             }
 
-            for (int i = 0; i < array.length; i++) {
+            for (Object o : array) {
-                rootObject.setFilterObject(array[i]);
+                rootObject.setFilterObject(o);
 
                 if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) {
-                    retainList.add(array[i]);
+                    retainList.add(o);
                 }
             }
 

core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java

@@ -22,7 +22,7 @@ import org.springframework.security.access.prepost.PrePostInvocationAttributeFac
  * @since 3.0
  */
 public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
-    private ExpressionParser parser;
+    private final ExpressionParser parser;
 
     public ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler handler) {
         parser = handler.getExpressionParser();

core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java

@@ -19,7 +19,7 @@ import org.springframework.security.core.Authentication;
 public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice{
     protected final Log logger = LogFactory.getLog(getClass());
 
-    private MethodSecurityExpressionHandler expressionHandler;
+    private final MethodSecurityExpressionHandler expressionHandler;
 
     public ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHandler expressionHandler) {
         this.expressionHandler = expressionHandler;

core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContext.java

@@ -23,7 +23,7 @@ import org.springframework.security.core.Authentication;
  * @since 3.0
  */
 class MethodSecurityEvaluationContext extends StandardEvaluationContext {
-    private static Log logger = LogFactory.getLog(MethodSecurityEvaluationContext.class);
+    private static final Log logger = LogFactory.getLog(MethodSecurityEvaluationContext.class);
 
     private ParameterNameDiscoverer parameterNameDiscoverer;
     private final MethodInvocation mi;
@@ -93,7 +93,7 @@ class MethodSecurityEvaluationContext extends StandardEvaluationContext {
         Class<?> targetClass = AopProxyUtils.ultimateTargetClass(targetObject);
 
         if (targetClass == null) {
-            // TODO: Spring should do this, but there's a bug in ultimateTargetClass() which returns null 
+            // TODO: Spring should do this, but there's a bug in ultimateTargetClass() which returns null
             targetClass = targetObject.getClass();
         }
 

core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java

@@ -135,9 +135,7 @@ public class RoleHierarchyImpl implements RoleHierarchy {
     private void addReachableRoles(Set<GrantedAuthority> reachableRoles,
             GrantedAuthority authority) {
 
-        Iterator<GrantedAuthority> iterator = reachableRoles.iterator();
+        for (GrantedAuthority testAuthority : reachableRoles) {
-        while (iterator.hasNext()) {
-            GrantedAuthority testAuthority = iterator.next();
             String testKey = testAuthority.getAuthority();
             if ((testKey != null) && (testKey.equals(authority.getAuthority()))) {
                 return;
@@ -154,9 +152,7 @@ public class RoleHierarchyImpl implements RoleHierarchy {
             return null;
         }
 
-        Iterator<GrantedAuthority> iterator = rolesReachableInOneOrMoreStepsMap.keySet().iterator();
+        for (GrantedAuthority testAuthority : rolesReachableInOneOrMoreStepsMap.keySet()) {
-        while (iterator.hasNext()) {
-            GrantedAuthority testAuthority = iterator.next();
             String testKey = testAuthority.getAuthority();
             if ((testKey != null) && (testKey.equals(authority.getAuthority()))) {
                 return rolesReachableInOneOrMoreStepsMap.get(testAuthority);
@@ -171,7 +167,7 @@ public class RoleHierarchyImpl implements RoleHierarchy {
      * references a set of the reachable lower roles.
      */
     private void buildRolesReachableInOneStepMap() {
-        Pattern pattern = Pattern.compile("(\\s*([^\\s>]+)\\s*\\>\\s*([^\\s>]+))");
+        Pattern pattern = Pattern.compile("(\\s*([^\\s>]+)\\s*>\\s*([^\\s>]+))");
 
         Matcher roleHierarchyMatcher = pattern.matcher(roleHierarchyStringRepresentation);
         rolesReachableInOneStepMap = new HashMap<GrantedAuthority, Set<GrantedAuthority>>();
@@ -179,7 +175,7 @@ public class RoleHierarchyImpl implements RoleHierarchy {
         while (roleHierarchyMatcher.find()) {
             GrantedAuthority higherRole = new GrantedAuthorityImpl(roleHierarchyMatcher.group(2));
             GrantedAuthority lowerRole = new GrantedAuthorityImpl(roleHierarchyMatcher.group(3));
-            Set<GrantedAuthority> rolesReachableInOneStepSet = null;
+            Set<GrantedAuthority> rolesReachableInOneStepSet;
 
             if (!rolesReachableInOneStepMap.containsKey(higherRole)) {
                 rolesReachableInOneStepSet = new HashSet<GrantedAuthority>();

core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java

@@ -33,10 +33,10 @@ import org.springframework.security.core.Authentication;
 public class InterceptorStatusToken {
     //~ Instance fields ================================================================================================
 
-    private Authentication authentication;
+    private final Authentication authentication;
-    private Collection<ConfigAttribute> attr;
+    private final Collection<ConfigAttribute> attr;
-    private Object secureObject;
+    private final Object secureObject;
-    private boolean contextHolderRefreshRequired;
+    private final boolean contextHolderRefreshRequired;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java

@@ -74,11 +74,7 @@ public class RunAsImplAuthenticationProvider implements InitializingBean, Authen
         this.messages = new MessageSourceAccessor(messageSource);
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
-        if (RunAsUserToken.class.isAssignableFrom(authentication)) {
+        return RunAsUserToken.class.isAssignableFrom(authentication);
-            return true;
-        } else {
-            return false;
-        }
     }
 }

core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java

@@ -42,7 +42,7 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 
     //~ Methods ========================================================================================================
 
-    public Class<? extends Object> getSecureObjectClass() {
+    public Class<?> getSecureObjectClass() {
         return MethodInvocation.class;
     }
 

core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java

@@ -54,8 +54,8 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
     private transient MethodSecurityInterceptor interceptor;
     private final Pointcut pointcut = new MethodSecurityMetadataSourcePointcut();
     private BeanFactory beanFactory;
-    private String adviceBeanName;
+    private final String adviceBeanName;
-    private String metadataSourceBeanName;
+    private final String metadataSourceBeanName;
     private transient volatile Object adviceMonitor = new Object();
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJAnnotationSecurityInterceptor.java

@@ -25,7 +25,7 @@ public class AspectJAnnotationSecurityInterceptor extends AbstractSecurityInterc
         return this.securityMetadataSource;
     }
 
-    public Class<? extends Object> getSecureObjectClass() {
+    public Class<?> getSecureObjectClass() {
         return JoinPoint.class;
     }
 

core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJSecurityInterceptor.java

@@ -47,7 +47,7 @@ public class AspectJSecurityInterceptor extends AbstractSecurityInterceptor {
 
     //~ Methods ========================================================================================================
 
-    public Class<? extends Object> getSecureObjectClass() {
+    public Class<?> getSecureObjectClass() {
         return JoinPoint.class;
     }
 

core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java

@@ -48,10 +48,10 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
     private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
 
     /** Map from RegisteredMethod to ConfigAttribute list */
-    protected Map<RegisteredMethod, List<ConfigAttribute>> methodMap = new HashMap<RegisteredMethod, List<ConfigAttribute>>();
+    protected final Map<RegisteredMethod, List<ConfigAttribute>> methodMap = new HashMap<RegisteredMethod, List<ConfigAttribute>>();
 
     /** Map from RegisteredMethod to name pattern used for registration */
-    private Map<RegisteredMethod, String> nameMap = new HashMap<RegisteredMethod, String>();
+    private final Map<RegisteredMethod, String> nameMap = new HashMap<RegisteredMethod, String>();
 
     //~ Methods ========================================================================================================
 
@@ -139,9 +139,9 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
         Method[] methods = javaType.getMethods();
         List<Method> matchingMethods = new ArrayList<Method>();
 
-        for (int i = 0; i < methods.length; i++) {
+        for (Method m : methods) {
-            if (methods[i].getName().equals(mappedName) || isMatch(methods[i].getName(), mappedName)) {
+            if (m.getName().equals(mappedName) || isMatch(m.getName(), mappedName)) {
-                matchingMethods.add(methods[i]);
+                matchingMethods.add(m);
             }
         }
 
@@ -252,8 +252,8 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
      * Class will be the Class we're invoking against and the Method will provide details of the declared class.
      */
     private class RegisteredMethod {
-        private Method method;
+        private final Method method;
-        private Class<?> registeredJavaType;
+        private final Class<?> registeredJavaType;
 
         public RegisteredMethod(Method method, Class<?> registeredJavaType) {
             Assert.notNull(method, "Method required");

core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java

@@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
 public class PostInvocationAdviceProvider implements AfterInvocationProvider {
     protected final Log logger = LogFactory.getLog(getClass());
 
-    private PostInvocationAuthorizationAdvice postAdvice;
+    private final PostInvocationAuthorizationAdvice postAdvice;
 
     public PostInvocationAdviceProvider(PostInvocationAuthorizationAdvice postAdvice) {
         this.postAdvice = postAdvice;

core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java

@@ -24,7 +24,7 @@ import org.springframework.security.core.Authentication;
 public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter {
     protected final Log logger = LogFactory.getLog(getClass());
 
-    private PreInvocationAuthorizationAdvice preAdvice;
+    private final PreInvocationAuthorizationAdvice preAdvice;
 
     public PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre) {
         this.preAdvice = pre;

core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java

@@ -95,11 +95,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
     }
 
     public boolean supports(ConfigAttribute attribute) {
-        Iterator<AccessDecisionVoter> iter = this.decisionVoters.iterator();
+        for (AccessDecisionVoter voter : this.decisionVoters) {
-
-        while (iter.hasNext()) {
-            AccessDecisionVoter voter = iter.next();
-
             if (voter.supports(attribute)) {
                 return true;
             }
@@ -118,11 +114,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
      * @return true if this type is supported
      */
     public boolean supports(Class<?> clazz) {
-        Iterator<AccessDecisionVoter> iter = this.decisionVoters.iterator();
+        for (AccessDecisionVoter voter : this.decisionVoters) {
-
-        while (iter.hasNext()) {
-            AccessDecisionVoter voter = iter.next();
-
             if (!voter.supports(clazz)) {
                 return false;
             }

core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java

@@ -80,12 +80,6 @@ public abstract class AbstractAclVoter implements AccessDecisionVoter {
      * @return <code>true</code> if the secure object is <code>MethodInvocation</code>, <code>false</code> otherwise
      */
     public boolean supports(Class<?> clazz) {
-        if (MethodInvocation.class.isAssignableFrom(clazz)) {
+        return (MethodInvocation.class.isAssignableFrom(clazz) || JoinPoint.class.isAssignableFrom(clazz));
-            return true;
-        } else if (JoinPoint.class.isAssignableFrom(clazz)) {
-            return true;
-        } else {
-            return false;
-        }
     }
 }

core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java

@@ -10,7 +10,7 @@ import org.springframework.context.support.MessageSourceAccessor;
  */
 public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
 
-    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+    protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
     public void check(UserDetails user) {
         if (!user.isAccountNonLocked()) {

core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationProvider.java

@@ -73,7 +73,7 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
         this.messages = new MessageSourceAccessor(messageSource);
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
         return (AnonymousAuthenticationToken.class.isAssignableFrom(authentication));
     }
 }

core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java

@@ -11,7 +11,7 @@ import java.io.Serializable;
 public class AuthenticationDetails implements Serializable {
    //~ Instance fields ================================================================================================
 
-   private String context;
+   private final String context;
 
    //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSourceImpl.java

@@ -50,10 +50,10 @@ public class AuthenticationDetailsSourceImpl implements AuthenticationDetailsSou
     private Constructor<?> getFirstMatchingConstructor(Object object) throws NoSuchMethodException {
         Constructor<?>[] constructors = clazz.getDeclaredConstructors();
         Constructor<?> constructor = null;
-        for (int i = 0; i < constructors.length; i++) {
+        for (Constructor<?> tryMe : constructors) {
-            Class<?>[] parameterTypes = constructors[i].getParameterTypes();
+            Class<?>[] parameterTypes = tryMe.getParameterTypes();
             if (parameterTypes.length == 1 && (object == null || parameterTypes[0].isInstance(object))) {
-                constructor = constructors[i];
+                constructor = tryMe;
                 break;
             }
         }

core/src/main/java/org/springframework/security/authentication/AuthenticationProvider.java

@@ -62,5 +62,5 @@ public interface AuthenticationProvider {
      * @return <code>true</code> if the implementation can more closely evaluate the <code>Authentication</code> class
      *         presented
      */
-    boolean supports(Class<? extends Object> authentication);
+    boolean supports(Class<?> authentication);
 }

core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java

@@ -23,9 +23,8 @@ import org.springframework.security.core.AuthenticationException;
  * <p>
  * {@link org.springframework.security.access.AccessDecisionVoter}s will typically throw this exception if
  * they are dissatisfied with the level of the authentication, such as if performed using a remember-me mechanism or
- * anonymously. The commonly used {@link org.springframework.security.web.access.ExceptionTranslationFilter
+ * anonymously. The {@code ExceptionTranslationFilter} will then typically cause the {@code AuthenticationEntryPoint}
- * ExceptionTranslationFilter} will thus cause the <code>AuthenticationEntryPoint</code> to be called, allowing
+ * to be called, allowing the principal to authenticate with a stronger level of authentication.
- * the principal to authenticate with a stronger level of authentication.
  *
  * @author Ben Alex
  */

core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationProvider.java

@@ -69,7 +69,7 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
         this.messages = new MessageSourceAccessor(messageSource);
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
         return (RememberMeAuthenticationToken.class.isAssignableFrom(authentication));
     }
 }

core/src/main/java/org/springframework/security/authentication/TestingAuthenticationProvider.java

@@ -36,7 +36,7 @@ public class TestingAuthenticationProvider implements AuthenticationProvider {
         return authentication;
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
         return TestingAuthenticationToken.class.isAssignableFrom(authentication);
     }
 }

core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java

@@ -33,8 +33,8 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
     private static final long serialVersionUID = 1L;
-    private Object credentials;
+    private final Object credentials;
-    private Object principal;
+    private final Object principal;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java

@@ -262,7 +262,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
         this.userCache = userCache;
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
     }
 

core/src/main/java/org/springframework/security/authentication/dao/ReflectionSaltSource.java

@@ -66,7 +66,7 @@ public class ReflectionSaltSource implements SaltSource, InitializingBean {
         Method saltMethod = findSaltMethod(user);
 
         try {
-            return saltMethod.invoke(user, new Object[] {});
+            return saltMethod.invoke(user);
         } catch (Exception exception) {
             throw new AuthenticationServiceException(exception.getMessage(), exception);
         }

core/src/main/java/org/springframework/security/authentication/encoding/Md4.java

@@ -25,8 +25,8 @@ class Md4 {
     private final byte[] buffer = new byte[BLOCK_SIZE];
     private int bufferOffset;
     private long byteCount;
-    private int[] state = new int[4];
+    private final int[] state = new int[4];
-    private int[] tmp = new int[16];
+    private final int[] tmp = new int[16];
 
     Md4() {
         reset();

core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java

@@ -29,7 +29,7 @@ import org.springframework.util.Assert;
 public abstract class AbstractAuthenticationFailureEvent extends AbstractAuthenticationEvent {
     //~ Instance fields ================================================================================================
 
-    private AuthenticationException exception;
+    private final AuthenticationException exception;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/authentication/event/InteractiveAuthenticationSuccessEvent.java

@@ -29,7 +29,7 @@ import org.springframework.util.Assert;
 public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticationEvent {
     //~ Instance fields ================================================================================================
 
-    private Class<?> generatedBy;
+    private final Class<?> generatedBy;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java

@@ -191,8 +191,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
             Set<Principal> principals = loginContext.getSubject().getPrincipals();
 
             for (Principal principal : principals) {
-                for (int i = 0; i < authorityGranters.length; i++) {
+                for (AuthorityGranter granter : authorityGranters) {
-                    AuthorityGranter granter = authorityGranters[i];
                     Set<String> roles = granter.grant(principal);
 
                     // If the granter doesn't wish to grant any authorities, it should return null.
@@ -249,7 +248,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
 
         int n = 1;
         final String prefix = "login.config.url.";
-        String existing = null;
+        String existing;
 
         while ((existing = Security.getProperty(prefix + n)) != null) {
             alreadySet = existing.equals(loginConfigUrl);
@@ -270,7 +269,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
 
     private String convertLoginConfigToUrl() throws IOException {
         String loginConfigPath = loginConfig.getFile().getAbsolutePath();
-        loginConfigPath.replace(File.separatorChar, '/');
+        loginConfigPath = loginConfigPath.replace(File.separatorChar, '/');
 
         if (!loginConfigPath.startsWith("/")) {
             loginConfigPath = "/" + loginConfigPath;
@@ -436,7 +435,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
         this.refreshConfigurationOnStartup = refresh;
     }
 
-    public boolean supports(Class<? extends Object> aClass) {
+    public boolean supports(Class<?> aClass) {
         return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
     }
 
@@ -454,19 +453,15 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
      * Wrapper class for JAASAuthenticationCallbackHandlers
      */
     private class InternalCallbackHandler implements CallbackHandler {
-        private Authentication authentication;
+        private final Authentication authentication;
 
         public InternalCallbackHandler(Authentication authentication) {
             this.authentication = authentication;
         }
 
         public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-            for (int i = 0; i < callbackHandlers.length; i++) {
+            for (JaasAuthenticationCallbackHandler handler : callbackHandlers) {
-                JaasAuthenticationCallbackHandler handler = callbackHandlers[i];
+                for (Callback callback : callbacks) {
-
-                for (int j = 0; j < callbacks.length; j++) {
-                    Callback callback = callbacks[j];
-
                     handler.handle(callback, authentication);
                 }
             }

core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java

@@ -32,7 +32,7 @@ public class JaasGrantedAuthority extends GrantedAuthorityImpl {
     //~ Instance fields ================================================================================================
 
     private static final long serialVersionUID = 1L;
-    private Principal principal;
+    private final Principal principal;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/authentication/jaas/JaasNameCallbackHandler.java

@@ -54,7 +54,7 @@ public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandle
         throws IOException, UnsupportedCallbackException {
         if (callback instanceof NameCallback) {
             NameCallback ncb = (NameCallback) callback;
-            String username = "";
+            String username;
 
             Object principal = authentication.getPrincipal();
 

core/src/main/java/org/springframework/security/authentication/jaas/event/JaasAuthenticationFailedEvent.java

@@ -26,7 +26,7 @@ import org.springframework.security.core.Authentication;
 public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent {
     //~ Instance fields ================================================================================================
 
-    private Exception exception;
+    private final Exception exception;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java

@@ -49,9 +49,7 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
         UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
 
         try {
-            Collection<GrantedAuthority> authorities = authenticationManager.authenticate(request).getAuthorities();
+            return authenticationManager.authenticate(request).getAuthorities();
-
-            return authorities;
         } catch (AuthenticationException authEx) {
             throw new RemoteAuthenticationException(authEx.getMessage());
         }

core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java

@@ -71,7 +71,7 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
         this.remoteAuthenticationManager = remoteAuthenticationManager;
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
     }
 }

core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java

@@ -48,8 +48,8 @@ public abstract class AuthorityUtils {
     public static List<GrantedAuthority> createAuthorityList(String... roles) {
         List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roles.length);
 
-        for (int i=0; i < roles.length; i++) {
+        for (String role : roles) {
-            authorities.add(new GrantedAuthorityImpl(roles[i]));
+            authorities.add(new GrantedAuthorityImpl(role));
         }
 
         return authorities;

core/src/main/java/org/springframework/security/core/authority/GrantedAuthorityImpl.java

@@ -37,7 +37,7 @@ public class GrantedAuthorityImpl implements GrantedAuthority, Serializable {
     //~ Instance fields ================================================================================================
 
     private static final long serialVersionUID = 1L;
-    private String role;
+    private final String role;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapper.java

@@ -127,8 +127,8 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper implements Attributes2G
     }
 
     private void addGrantedAuthorityCollection(Collection<GrantedAuthority> result, Object[] value) {
-        for ( int i = 0 ; i < value.length ; i++ ) {
+        for (Object aValue : value) {
-            addGrantedAuthorityCollection(result,value[i]);
+            addGrantedAuthorityCollection(result, aValue);
         }
     }
 

core/src/main/java/org/springframework/security/core/codec/Base64.java

@@ -266,7 +266,7 @@ public final class Base64 {
      * in which case one of them will be picked, though there is
      * no guarantee as to which one will be picked.
      */
-    private final static byte[] getAlphabet( int options ) {
+    private static byte[] getAlphabet( int options ) {
         if ((options & URL_SAFE) == URL_SAFE) {
             return _URL_SAFE_ALPHABET;
         } else if ((options & ORDERED) == ORDERED) {
@@ -283,7 +283,7 @@ public final class Base64 {
      * in which case one of them will be picked, though there is
      * no guarantee as to which one will be picked.
      */
-    private final static byte[] getDecodabet( int options ) {
+    private static byte[] getDecodabet( int options ) {
         if( (options & URL_SAFE) == URL_SAFE) {
             return _URL_SAFE_DECODABET;
         } else if ((options & ORDERED) == ORDERED) {
@@ -600,11 +600,10 @@ public final class Base64 {
 
         byte[] b4        = new byte[4];     // Four byte buffer from source, eliminating white space
         int    b4Posn    = 0;               // Keep track of four byte input buffer
-        int    i         = 0;               // Source array counter
+        byte   sbiCrop;                     // Low seven bits (ASCII) of input
-        byte   sbiCrop   = 0;               // Low seven bits (ASCII) of input
+        byte   sbiDecode;                   // Special value from DECODABET
-        byte   sbiDecode = 0;               // Special value from DECODABET
 
-        for( i = off; i < off+len; i++ ) {  // Loop through source
+        for(int i = off; i < off+len; i++ ) {  // Loop through source
 
             sbiCrop = (byte)(source[i] & 0x7f); // Only the low seven bits
             sbiDecode = DECODABET[ sbiCrop ];   // Special value

core/src/main/java/org/springframework/security/core/context/InheritableThreadLocalSecurityContextHolderStrategy.java

@@ -25,7 +25,6 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  *
  * @see java.lang.ThreadLocal
- * @see org.springframework.security.core.context.web.SecurityContextPersistenceFilter
  */
 final class InheritableThreadLocalSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
     //~ Static fields/initializers =====================================================================================

core/src/main/java/org/springframework/security/core/session/SessionInformation.java

@@ -38,8 +38,8 @@ public class SessionInformation implements Serializable {
     //~ Instance fields ================================================================================================
 
     private Date lastRequest;
-    private Object principal;
+    private final Object principal;
-    private String sessionId;
+    private final String sessionId;
     private boolean expired = false;
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/springframework/security/core/token/DefaultToken.java

@@ -11,9 +11,9 @@ import org.springframework.util.Assert;
  * @since 2.0.1
  */
 public class DefaultToken implements Token {
-    private String key;
+    private final String key;
-    private long keyCreationTime;
+    private final long keyCreationTime;
-    private String extendedInformation;
+    private final String extendedInformation;
 
     public DefaultToken(String key, long keyCreationTime, String extendedInformation) {
         Assert.hasText(key, "Key required");
@@ -52,7 +52,7 @@ public class DefaultToken implements Token {
     }
 
     public String toString() {
-        return "DefaultToken[key=" + new String(key) + "; creation=" + new Date(keyCreationTime) + "; extended=" + extendedInformation + "]";
+        return "DefaultToken[key=" + key + "; creation=" + new Date(keyCreationTime) + "; extended=" + extendedInformation + "]";
     }
 
 

core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java

@@ -63,7 +63,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
         long creationTime = new Date().getTime();
         String serverSecret = computeServerSecretApplicableAt(creationTime);
         String pseudoRandomNumber = generatePseudoRandomNumber();
-        String content = new Long(creationTime).toString() + ":" + pseudoRandomNumber + ":" + extendedInformation;
+        String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation;
 
         // Compute key
         String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);
@@ -102,7 +102,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
         String sha1Hex = tokens[tokens.length-1];
 
         // Verification
-        String content = new Long(creationTime).toString() + ":" + pseudoRandomNumber + ":" + extendedInfo.toString();
+        String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInfo.toString();
         String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);
         Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
 

core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java

@@ -17,29 +17,19 @@ import org.springframework.security.core.codec.Hex;
  *
  */
 public abstract class Sha512DigestUtils  {
-    /**
-     * Returns a MessageDigest for the given <code>algorithm</code>.
-     *
-     * @param algorithm The MessageDigest algorithm name.
-     * @return An MD5 digest instance.
-     * @throws RuntimeException when a {@link java.security.NoSuchAlgorithmException} is caught,
-     */
-    static MessageDigest getDigest(String algorithm) {
-        try {
-            return MessageDigest.getInstance(algorithm);
-        } catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException(e.getMessage());
-        }
-    }
 
     /**
      * Returns an SHA digest.
      *
      * @return An SHA digest instance.
-     * @throws RuntimeException when a {@link java.security.NoSuchAlgorithmException} is caught,
+     * @throws RuntimeException when a {@link java.security.NoSuchAlgorithmException} is caught.
      */
     private static MessageDigest getSha512Digest() {
-        return getDigest("SHA-512");
+        try {
+            return MessageDigest.getInstance("SHA-512");
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e.getMessage());
+        }
     }
 
     /**

core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java

@@ -110,7 +110,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
 
     //~ Instance fields ================================================================================================
 
-    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+    protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
     private String authoritiesByUsernameQuery;
     private String groupAuthoritiesByUsernameQuery;
@@ -205,9 +205,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
         return getJdbcTemplate().query(authoritiesByUsernameQuery, new String[] {username}, new RowMapper<GrantedAuthority>() {
             public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
                 String roleName = rolePrefix + rs.getString(2);
-                GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
 
-                return authority;
+                return new GrantedAuthorityImpl(roleName);
             }
         });
     }
@@ -221,9 +220,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
         return getJdbcTemplate().query(groupAuthoritiesByUsernameQuery, new String[] {username}, new RowMapper<GrantedAuthority>() {
             public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
                  String roleName = getRolePrefix() + rs.getString(3);
-                 GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
 
-                 return authority;
+                return new GrantedAuthorityImpl(roleName);
             }
         });
     }

core/src/main/java/org/springframework/security/core/userdetails/memory/UserMapEditor.java

@@ -49,8 +49,8 @@ public class UserMapEditor extends PropertyEditorSupport {
         // Now we have properties, process each one individually
         UserAttributeEditor configAttribEd = new UserAttributeEditor();
 
-        for (Iterator<?> iter = props.keySet().iterator(); iter.hasNext();) {
+        for (Object o : props.keySet()) {
-            String username = (String) iter.next();
+            String username = (String) o;
             String value = props.getProperty(username);
 
             // Convert value to a password, enabled setting, and list of granted authorities

core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java

@@ -180,12 +180,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
         if (getEnableAuthorities()) {
             deleteUserAuthorities(username);
         }
-        getJdbcTemplate().update(deleteUserSql, new Object[] {username});
+        getJdbcTemplate().update(deleteUserSql, username);
         userCache.removeUserFromCache(username);
     }
 
     private void deleteUserAuthorities(String username) {
-        getJdbcTemplate().update(deleteUserAuthoritiesSql, new Object[] {username});
+        getJdbcTemplate().update(deleteUserAuthoritiesSql, username);
     }
 
     public void changePassword(String oldPassword, String newPassword) throws AuthenticationException {
@@ -255,12 +255,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
         logger.debug("Creating new group '" + groupName + "' with authorities " +
                 AuthorityUtils.authorityListToSet(authorities));
 
-        getJdbcTemplate().update(insertGroupSql, new Object[] {groupName});
+        getJdbcTemplate().update(insertGroupSql, groupName);
 
         final int groupId = findGroupId(groupName);
 
-        for (int i=0; i < authorities.size(); i++) {
+        for (GrantedAuthority a : authorities) {
-            final String authority = authorities.get(i).getAuthority();
+            final String authority = a.getAuthority();
             getJdbcTemplate().update(insertGroupAuthoritySql, new PreparedStatementSetter() {
                 public void setValues(PreparedStatement ps) throws SQLException {
                     ps.setInt(1, groupId);
@@ -290,7 +290,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
         Assert.hasText(oldName);
         Assert.hasText(newName);
 
-        getJdbcTemplate().update(renameGroupSql, new Object[] {newName, oldName});
+        getJdbcTemplate().update(renameGroupSql, newName, oldName);
     }
 
     public void addUserToGroup(final String username, final String groupName) {
@@ -330,16 +330,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
         logger.debug("Loading authorities for group '" + groupName + "'");
         Assert.hasText(groupName);
 
-        List<GrantedAuthority> authorities = getJdbcTemplate().query(groupAuthoritiesSql, new String[] {groupName}, new RowMapper<GrantedAuthority>() {
+        return getJdbcTemplate().query(groupAuthoritiesSql, new String[] {groupName}, new RowMapper<GrantedAuthority>() {
             public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
                  String roleName = getRolePrefix() + rs.getString(3);
-                 GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
 
-                 return authority;
+                return new GrantedAuthorityImpl(roleName);
             }
         });
-
-        return authorities;
     }
 
     public void removeGroupAuthority(String groupName, final GrantedAuthority authority) {
@@ -373,7 +370,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
     }
 
     private int findGroupId(String group) {
-        return getJdbcTemplate().queryForInt(findGroupIdSql, new Object[] {group});
+        return getJdbcTemplate().queryForInt(findGroupIdSql, group);
     }
 
     public void setAuthenticationManager(AuthenticationManager authenticationManager) {

core/src/main/java/org/springframework/security/remoting/dns/JndiDnsResolver.java

@@ -16,7 +16,7 @@
 
 package org.springframework.security.remoting.dns;
 
-import java.util.Hashtable;
+import java.util.*;
 
 import javax.naming.Context;
 import javax.naming.NameNotFoundException;
@@ -109,7 +109,7 @@ public class JndiDnsResolver implements DnsResolver {
             for (NamingEnumeration<?> recordEnum = dnsRecord.getAll(); recordEnum.hasMoreElements();) {
                 String[] record = recordEnum.next().toString().split(" ");
                 if (record.length != 4) {
-                    throw new DnsLookupException("Wrong service record for query " + query + ": [" + record + "]");
+                    throw new DnsLookupException("Wrong service record for query " + query + ": [" + Arrays.toString(record) + "]");
                 }
                 int priority = Integer.parseInt(record[0]);
                 int weight = Integer.parseInt(record[1]);
@@ -139,8 +139,8 @@ public class JndiDnsResolver implements DnsResolver {
     private Attribute lookup(String query, DirContext ictx, String recordType) {
         try {
             Attributes dnsResult = ictx.getAttributes(query, new String[] { recordType });
-            Attribute dnsRecord = dnsResult.get(recordType);
+
-            return dnsRecord;
+            return dnsResult.get(recordType);
         } catch (NamingException e) {
             if (e instanceof NameNotFoundException) {
                 throw new DnsEntryNotFoundException("DNS entry not found for:" + query, e);

core/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java

@@ -49,7 +49,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 
     //~ Instance fields ================================================================================================
 
-    private SecurityContext securityContext;
+    private final SecurityContext securityContext;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/util/FieldUtils.java

@@ -83,11 +83,10 @@ public final class FieldUtils {
         Assert.hasText(fieldName, "Field name required");
         String[] nestedFields = StringUtils.tokenizeToStringArray(fieldName, ".");
         Class<?> componentClass = bean.getClass();
-        Field field = null;
         Object value = bean;
 
-        for (int i=0; i < nestedFields.length; i++) {
+        for (String nestedField : nestedFields) {
-            field = getField(componentClass, nestedFields[i]);
+            Field field = getField(componentClass, nestedField);
             field.setAccessible(true);
             value = field.get(value);
             if (value != null) {

core/src/main/java/org/springframework/security/util/InMemoryResource.java

@@ -33,8 +33,8 @@ import java.util.Arrays;
 public class InMemoryResource extends AbstractResource {
     //~ Instance fields ================================================================================================
 
-    private byte[] source;
+    private final byte[] source;
-    private String description;
+    private final String description;
 
     //~ Constructors ===================================================================================================
 

core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java

@@ -67,13 +67,15 @@ public final class MethodInvocationUtils {
             Advised a = (Advised) object;
             if (!a.isProxyTargetClass()) {
                 Class<?>[] possibleInterfaces = a.getProxiedInterfaces();
-                for (int i = 0; i < possibleInterfaces.length; i++) {
+                for (Class<?> possibleInterface : possibleInterfaces) {
                     try {
-                        possibleInterfaces[i].getMethod(methodName, classArgs);
+                        possibleInterface.getMethod(methodName, classArgs);
                         // to get here means no exception happened
-                        target = possibleInterfaces[i];
+                        target = possibleInterface;
                         break;
-                    } catch (Exception tryTheNextOne) {}
+                    } catch (Exception ignored) {
+                        // try the next one
+                    }
                 }
             }
         }

core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java

@@ -40,8 +40,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public void testAllowIfAccessDecisionManagerDefaults()
+    public void testAllowIfAccessDecisionManagerDefaults() {
-        throws Exception {
         MockDecisionManagerImpl mock = new MockDecisionManagerImpl();
         assertTrue(!mock.isAllowIfAllAbstainDecisions()); // default
         mock.setAllowIfAllAbstainDecisions(true);
@@ -55,8 +54,8 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
         list.add(new MockStringOnlyVoter());
         mock.setDecisionVoters(list);
 
-        assertTrue(mock.supports(new String().getClass()));
+        assertTrue(mock.supports(String.class));
-        assertTrue(!mock.supports(new Integer(7).getClass()));
+        assertTrue(!mock.supports(Integer.class));
     }
 
     public void testDelegatesSupportsRequests() throws Exception {
@@ -98,8 +97,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
         }
     }
 
-    public void testRejectsListContainingInvalidObjectTypes()
+    public void testRejectsListContainingInvalidObjectTypes() {
-        throws Exception {
         MockDecisionManagerImpl mock = new MockDecisionManagerImpl();
         List list = new Vector();
         DenyVoter voter = new DenyVoter();
@@ -148,19 +146,13 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
     //~ Inner Classes ==================================================================================================
 
     private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
-        public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
+        public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
-            throws AccessDeniedException {
-            return;
         }
     }
 
     private class MockStringOnlyVoter implements AccessDecisionVoter {
         public boolean supports(Class<?> clazz) {
-            if (String.class.isAssignableFrom(clazz)) {
+            return String.class.isAssignableFrom(clazz);
-                return true;
-            } else {
-                return false;
-            }
         }
 
         public boolean supports(ConfigAttribute attribute) {

itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java

@@ -7,7 +7,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 public class UserDetailsServiceImpl implements UserDetailsService {
 
-    @SuppressWarnings("unused")
+    @SuppressWarnings({"unused", "FieldCanBeLocal"})
     private UserRepository userRepository;
 
     @Transactional(readOnly=true)

itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAdvice.java

@@ -19,7 +19,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.util.ClassUtils;
 
 public class PythonInterpreterPreInvocationAdvice implements PreInvocationAuthorizationAdvice{
-    private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
+    private final ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
 
     @SuppressWarnings("deprecation")
     public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute preAttr) {

itest/context/src/main/java/org/springframework/security/integration/python/PythonInterpreterPreInvocationAttribute.java

@@ -3,7 +3,7 @@ package org.springframework.security.integration.python;
 import org.springframework.security.access.prepost.PreInvocationAttribute;
 
 public class PythonInterpreterPreInvocationAttribute implements PreInvocationAttribute {
-    private String script;
+    private final String script;
 
     PythonInterpreterPreInvocationAttribute(String script) {
         this.script = script;

ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java

@@ -11,8 +11,8 @@ import org.springframework.ldap.core.DistinguishedName;
  * @author Luke Taylor
  */
 public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
-    private String userDnBase;
+    private final String userDnBase;
-    private String usernameAttribute;
+    private final String usernameAttribute;
 
    /**
     * @param userDnBase the base name of the DN

ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java

@@ -164,7 +164,7 @@ public final class LdapUtils {
     public static String parseRootDnFromUrl(String url) {
         Assert.hasLength(url);
 
-        String urlRootDn = "";
+        String urlRootDn;
 
         if (url.startsWith("ldap:") || url.startsWith("ldaps:")) {
             URI uri = parseLdapUrl(url);

ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java

@@ -38,7 +38,7 @@ import java.util.List;
 public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, InitializingBean, MessageSourceAware {
     //~ Instance fields ================================================================================================
 
-    private ContextSource contextSource;
+    private final ContextSource contextSource;
 
     /** Optional search object which can be used to locate a user when a simple DN match isn't sufficient */
     private LdapUserSearch userSearch;
@@ -94,8 +94,8 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
         String[] args = new String[] {username};
 
         synchronized (userDnFormat) {
-            for (int i = 0; i < userDnFormat.length; i++) {
+            for (MessageFormat formatter : userDnFormat) {
-                userDns.add(userDnFormat[i].format(args));
+                userDns.add(formatter.format(args));
             }
         }
 

ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java

@@ -293,7 +293,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
         return result;
     }
 
-    public boolean supports(Class<? extends Object> authentication) {
+    public boolean supports(Class<?> authentication) {
         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
     }
 }