Use consistent modifier order

Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945

acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java

@@ -78,31 +78,31 @@ import org.springframework.util.Assert;
  */
 public class BasicLookupStrategy implements LookupStrategy {
 
-	private final static String DEFAULT_SELECT_CLAUSE_COLUMNS = "select acl_object_identity.object_id_identity, "
+	private static final String DEFAULT_SELECT_CLAUSE_COLUMNS = "select acl_object_identity.object_id_identity, "
 			+ "acl_entry.ace_order,  " + "acl_object_identity.id as acl_id, " + "acl_object_identity.parent_object, "
 			+ "acl_object_identity.entries_inheriting, " + "acl_entry.id as ace_id, " + "acl_entry.mask,  "
 			+ "acl_entry.granting,  " + "acl_entry.audit_success, " + "acl_entry.audit_failure,  "
 			+ "acl_sid.principal as ace_principal, " + "acl_sid.sid as ace_sid,  "
 			+ "acli_sid.principal as acl_principal, " + "acli_sid.sid as acl_sid, " + "acl_class.class ";
 
-	private final static String DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN = ", acl_class.class_id_type  ";
+	private static final String DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN = ", acl_class.class_id_type  ";
 
-	private final static String DEFAULT_SELECT_CLAUSE_FROM = "from acl_object_identity "
+	private static final String DEFAULT_SELECT_CLAUSE_FROM = "from acl_object_identity "
 			+ "left join acl_sid acli_sid on acli_sid.id = acl_object_identity.owner_sid "
 			+ "left join acl_class on acl_class.id = acl_object_identity.object_id_class   "
 			+ "left join acl_entry on acl_object_identity.id = acl_entry.acl_object_identity "
 			+ "left join acl_sid on acl_entry.sid = acl_sid.id  " + "where ( ";
 
-	public final static String DEFAULT_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS + DEFAULT_SELECT_CLAUSE_FROM;
+	public static final String DEFAULT_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS + DEFAULT_SELECT_CLAUSE_FROM;
 
-	public final static String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS
+	public static final String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE = DEFAULT_SELECT_CLAUSE_COLUMNS
 			+ DEFAULT_SELECT_CLAUSE_ACL_CLASS_ID_TYPE_COLUMN + DEFAULT_SELECT_CLAUSE_FROM;
 
-	private final static String DEFAULT_LOOKUP_KEYS_WHERE_CLAUSE = "(acl_object_identity.id = ?)";
+	private static final String DEFAULT_LOOKUP_KEYS_WHERE_CLAUSE = "(acl_object_identity.id = ?)";
 
-	private final static String DEFAULT_LOOKUP_IDENTITIES_WHERE_CLAUSE = "(acl_object_identity.object_id_identity = ? and acl_class.class = ?)";
+	private static final String DEFAULT_LOOKUP_IDENTITIES_WHERE_CLAUSE = "(acl_object_identity.object_id_identity = ? and acl_class.class = ?)";
 
-	public final static String DEFAULT_ORDER_BY_CLAUSE = ") order by acl_object_identity.object_id_identity"
+	public static final String DEFAULT_ORDER_BY_CLAUSE = ") order by acl_object_identity.object_id_identity"
 			+ " asc, acl_entry.ace_order asc";
 
 	private final AclAuthorizationStrategy aclAuthorizationStrategy;

config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java

@@ -268,7 +268,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	}
 
 	@EnableWebSecurity
-	static abstract class BaseLdapServerConfig extends BaseLdapProviderConfig {
+	abstract static class BaseLdapServerConfig extends BaseLdapProviderConfig {
 
 		@Bean
 		public ApacheDSContainer ldapServer() throws Exception {
@@ -283,7 +283,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 	@EnableWebSecurity
 	@EnableGlobalAuthentication
 	@Import(ObjectPostProcessorConfiguration.class)
-	static abstract class BaseLdapProviderConfig extends WebSecurityConfigurerAdapter {
+	abstract static class BaseLdapProviderConfig extends WebSecurityConfigurerAdapter {
 
 		@Bean
 		public BaseLdapPathContextSource contextSource() throws Exception {
@@ -302,7 +302,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
 		}
 
 		@Override
-		abstract protected void configure(AuthenticationManagerBuilder auth) throws Exception;
+		protected abstract void configure(AuthenticationManagerBuilder auth) throws Exception;
 
 	}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java

@@ -56,7 +56,7 @@ final class PermitAllSupport {
 		}
 	}
 
-	private final static class ExactUrlRequestMatcher implements RequestMatcher {
+	private static final class ExactUrlRequestMatcher implements RequestMatcher {
 
 		private String processUrl;
 

config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java

@@ -409,7 +409,7 @@ public class MessageSecurityMetadataSourceRegistry {
 
 	}
 
-	private final static class PreBuiltMatcherBuilder implements MatcherBuilder {
+	private static final class PreBuiltMatcherBuilder implements MatcherBuilder {
 
 		private MessageMatcher<?> matcher;
 

config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java

@@ -44,7 +44,7 @@ final class GrantedAuthorityDefaultsParserUtils {
 		return bean;
 	}
 
-	static abstract class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
+	abstract static class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
 
 		protected String rolePrefix = "ROLE_";
 

config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java

@@ -537,7 +537,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
 
 	}
 
-	static abstract class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
+	abstract static class AbstractGrantedAuthorityDefaultsBeanFactory implements ApplicationContextAware {
 
 		protected String rolePrefix = "ROLE_";
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@@ -904,7 +904,7 @@ public class OAuth2LoginConfigurerTests {
 
 	}
 
-	private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+	private abstract static class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
@@ -938,7 +938,7 @@ public class OAuth2LoginConfigurerTests {
 
 	}
 
-	private static abstract class CommonLambdaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+	private abstract static class CommonLambdaWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {

config/src/test/java/org/springframework/security/config/http/WebConfigUtilsTests.java

@@ -29,7 +29,7 @@ import static org.mockito.Mockito.verifyZeroInteractions;
 @PrepareOnlyThisForTest(ParserContext.class)
 public class WebConfigUtilsTests {
 
-	public final static String URL = "/url";
+	public static final String URL = "/url";
 
 	@Mock
 	private ParserContext parserContext;

config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java

@@ -52,9 +52,9 @@ import static org.springframework.security.config.Customizer.withDefaults;
  */
 public class HeaderSpecTests {
 
-	private final static String CUSTOM_HEADER = "CUSTOM-HEADER";
+	private static final String CUSTOM_HEADER = "CUSTOM-HEADER";
 
-	private final static String CUSTOM_VALUE = "CUSTOM-VALUE";
+	private static final String CUSTOM_VALUE = "CUSTOM-VALUE";
 
 	private ServerHttpSecurity http = ServerHttpSecurity.http();
 

core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java

@@ -38,7 +38,7 @@ import org.springframework.util.ObjectUtils;
  */
 public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
-	private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
+	private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
 
 	private final List<MethodSecurityMetadataSource> methodSecurityMetadataSources;
 

core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java

@@ -33,7 +33,7 @@ import static org.mockito.Mockito.when;
  */
 public class SecurityExpressionRootTests {
 
-	final static Authentication JOE = new TestingAuthenticationToken("joe", "pass", "ROLE_A", "ROLE_B");
+	static final Authentication JOE = new TestingAuthenticationToken("joe", "pass", "ROLE_A", "ROLE_B");
 
 	SecurityExpressionRoot root;
 

core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java

@@ -36,7 +36,7 @@ import static org.assertj.core.api.Assertions.fail;
  */
 public class AnonymousAuthenticationTokenTests {
 
-	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	@Test
 	public void testConstructorRejectsNulls() {

crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java

@@ -31,16 +31,16 @@ package org.springframework.security.crypto.codec;
 public final class Base64 {
 
 	/** No options specified. Value is zero. */
-	public final static int NO_OPTIONS = 0;
+	public static final int NO_OPTIONS = 0;
 
 	/** Specify encoding in first bit. Value is one. */
-	public final static int ENCODE = 1;
+	public static final int ENCODE = 1;
 
 	/** Specify decoding in first bit. Value is zero. */
-	public final static int DECODE = 0;
+	public static final int DECODE = 0;
 
 	/** Do break lines when encoding. Value is 8. */
-	public final static int DO_BREAK_LINES = 8;
+	public static final int DO_BREAK_LINES = 8;
 
 	/**
 	 * Encode using Base64-like encoding that is URL- and Filename-safe as described in
@@ -50,31 +50,31 @@ public final class Base64 {
 	 * Base64, or at the very least should not be called Base64 without also specifying
 	 * that is was encoded using the URL- and Filename-safe dialect.
 	 */
-	public final static int URL_SAFE = 16;
+	public static final int URL_SAFE = 16;
 
 	/**
 	 * Encode using the special "ordered" dialect of Base64.
 	 */
-	public final static int ORDERED = 32;
+	public static final int ORDERED = 32;
 
 	/** Maximum line length (76) of Base64 output. */
-	private final static int MAX_LINE_LENGTH = 76;
+	private static final int MAX_LINE_LENGTH = 76;
 
 	/** The equals sign (=) as a byte. */
-	private final static byte EQUALS_SIGN = (byte) '=';
+	private static final byte EQUALS_SIGN = (byte) '=';
 
 	/** The new line character (\n) as a byte. */
-	private final static byte NEW_LINE = (byte) '\n';
+	private static final byte NEW_LINE = (byte) '\n';
 
-	private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+	private static final byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
 
-	private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
+	private static final byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
 
 	/* ******** S T A N D A R D B A S E 6 4 A L P H A B E T ******** */
 
 	/** The 64 valid Base64 values. */
 	/* Host platform me be something funny like EBCDIC, so we hardcode these values. */
-	private final static byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+	private static final byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
 			(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
 			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
 			(byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
@@ -87,7 +87,7 @@ public final class Base64 {
 	 * Translates a Base64 value to either its 6-bit reconstruction value or a negative
 	 * number indicating some other meaning.
 	 **/
-	private final static byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+	private static final byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
 																							// 0
 																							// -
 																							// 8
@@ -132,7 +132,7 @@ public final class Base64 {
 	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus"
 	 * and "slash."
 	 */
-	private final static byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+	private static final byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
 			(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
 			(byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
 			(byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
@@ -144,7 +144,7 @@ public final class Base64 {
 	/**
 	 * Used in decoding URL- and Filename-safe dialects of Base64.
 	 */
-	private final static byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+	private static final byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
 																							// 0
 																							// -
 																							// 8
@@ -186,7 +186,7 @@ public final class Base64 {
 
 	/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
 
-	private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
+	private static final byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
 			(byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C',
 			(byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L',
 			(byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
@@ -198,10 +198,8 @@ public final class Base64 {
 	/**
 	 * Used in decoding the "ordered" dialect of Base64.
 	 */
-	private final static byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
-																							// 0
-																							// -
-																							// 8
+	private static final byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9,
+			// Decimal 0 - 8
 			-5, -5, // Whitespace: Tab and Linefeed
 			-9, -9, // Decimal 11 - 12
 			-5, // Whitespace: Carriage Return

etc/checkstyle/checkstyle-suppressions.xml

@@ -8,7 +8,6 @@
 	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
 	<suppress files=".*" checks="JavadocType" />
 	<suppress files=".*" checks="JavadocVariable" />
-	<suppress files=".*" checks="ModifierOrder" />
 	<suppress files=".*" checks="MultipleVariableDeclarations" />
 	<suppress files=".*" checks="MutableException" />
 	<suppress files=".*" checks="NeedBraces" />

ldap/src/main/java/org/springframework/security/ldap/LdapEncoder.java

@@ -187,7 +187,7 @@ final class LdapEncoder {
 	 * @return The decoded value as a string.
 	 * @throws BadLdapGrammarException
 	 */
-	static public String nameDecode(String value) throws BadLdapGrammarException {
+	public static String nameDecode(String value) throws BadLdapGrammarException {
 
 		if (value == null) {
 			return null;

ldap/src/main/java/org/springframework/security/ldap/authentication/LdapEncoder.java

@@ -187,7 +187,7 @@ final class LdapEncoder {
 	 * @return The decoded value as a string.
 	 * @throws BadLdapGrammarException
 	 */
-	static public String nameDecode(String value) throws BadLdapGrammarException {
+	public static String nameDecode(String value) throws BadLdapGrammarException {
 
 		if (value == null) {
 			return null;

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java

@@ -398,7 +398,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 		return new OAuth2AuthorizedClient(clientRegistration, principal.getName(), accessToken, refreshToken);
 	}
 
-	private final static class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
+	private static final class CustomTableDefinitionJdbcOAuth2AuthorizedClientService
 			extends JdbcOAuth2AuthorizedClientService {
 
 		private static final String COLUMN_NAMES = "clientRegistrationId, " + "principalName, " + "accessTokenType, "
@@ -453,7 +453,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests {
 			this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, pss);
 		}
 
-		private final static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
+		private static final class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
 
 			private final ClientRegistrationRepository clientRegistrationRepository;
 

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java

@@ -110,7 +110,7 @@ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
-	public final static class Builder {
+	public static final class Builder {
 
 		private String tokenValue;
 

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverter.java

@@ -40,15 +40,15 @@ import org.springframework.util.Assert;
  */
 public final class MappedJwtClaimSetConverter implements Converter<Map<String, Object>, Map<String, Object>> {
 
-	private final static ConversionService CONVERSION_SERVICE = ClaimConversionService.getSharedInstance();
+	private static final ConversionService CONVERSION_SERVICE = ClaimConversionService.getSharedInstance();
 
-	private final static TypeDescriptor OBJECT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Object.class);
+	private static final TypeDescriptor OBJECT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Object.class);
 
-	private final static TypeDescriptor STRING_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(String.class);
+	private static final TypeDescriptor STRING_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(String.class);
 
-	private final static TypeDescriptor INSTANT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Instant.class);
+	private static final TypeDescriptor INSTANT_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(Instant.class);
 
-	private final static TypeDescriptor URL_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(URL.class);
+	private static final TypeDescriptor URL_TYPE_DESCRIPTOR = TypeDescriptor.valueOf(URL.class);
 
 	private final Map<String, Converter<Object, ?>> claimTypeConverters;
 

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java

@@ -427,7 +427,7 @@ public final class RelyingPartyRegistration {
 	 *
 	 * @since 5.4
 	 */
-	public final static class AssertingPartyDetails {
+	public static final class AssertingPartyDetails {
 
 		private final String entityId;
 
@@ -546,7 +546,7 @@ public final class RelyingPartyRegistration {
 			return this.singleSignOnServiceBinding;
 		}
 
-		public final static class Builder {
+		public static final class Builder {
 
 			private String entityId;
 
@@ -665,7 +665,7 @@ public final class RelyingPartyRegistration {
 	 * @deprecated Use {@link AssertingPartyDetails} instead
 	 */
 	@Deprecated
-	public final static class ProviderDetails {
+	public static final class ProviderDetails {
 
 		private final AssertingPartyDetails assertingPartyDetails;
 
@@ -714,7 +714,7 @@ public final class RelyingPartyRegistration {
 		 * @deprecated Use {@link AssertingPartyDetails.Builder} instead
 		 */
 		@Deprecated
-		public final static class Builder {
+		public static final class Builder {
 
 			private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();
 
@@ -778,7 +778,7 @@ public final class RelyingPartyRegistration {
 
 	}
 
-	public final static class Builder {
+	public static final class Builder {
 
 		private String registrationId;
 

test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java

@@ -552,7 +552,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OpaqueTokenMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OpaqueTokenMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
 
@@ -698,7 +698,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2LoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OAuth2LoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private final String nameAttributeKey = "sub";
 
@@ -849,7 +849,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OidcLoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OidcLoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private ClientRegistration clientRegistration;
 
@@ -1027,7 +1027,7 @@ public class SecurityMockServerConfigurers {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2ClientMutator implements WebTestClientConfigurer, MockServerConfigurer {
+	public static final class OAuth2ClientMutator implements WebTestClientConfigurer, MockServerConfigurer {
 
 		private String registrationId = "test";
 
@@ -1153,10 +1153,10 @@ public class SecurityMockServerConfigurers {
 		private static final class TestReactiveOAuth2AuthorizedClientManager
 				implements ReactiveOAuth2AuthorizedClientManager {
 
-			final static String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
+			static final String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
 					.concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
+			static final String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName()
 					.concat(".ENABLED");
 
 			private final ReactiveOAuth2AuthorizedClientManager delegate;

test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java

@@ -534,9 +534,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		static class TestCsrfTokenRepository implements CsrfTokenRepository {
 
-			final static String TOKEN_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".TOKEN");
+			static final String TOKEN_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".ENABLED");
+			static final String ENABLED_ATTR_NAME = TestCsrfTokenRepository.class.getName().concat(".ENABLED");
 
 			private final CsrfTokenRepository delegate;
 
@@ -711,7 +711,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * Support class for {@link RequestPostProcessor}'s that establish a Spring Security
 	 * context
 	 */
-	private static abstract class SecurityContextRequestPostProcessorSupport {
+	private abstract static class SecurityContextRequestPostProcessorSupport {
 
 		/**
 		 * Saves the specified {@link Authentication} into an empty
@@ -755,7 +755,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		static final class TestSecurityContextRepository implements SecurityContextRepository {
 
-			private final static String ATTR_NAME = TestSecurityContextRepository.class.getName().concat(".REPO");
+			private static final String ATTR_NAME = TestSecurityContextRepository.class.getName().concat(".REPO");
 
 			private final SecurityContextRepository delegate;
 
@@ -801,7 +801,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class TestSecurityContextHolderPostProcessor extends SecurityContextRequestPostProcessorSupport
+	private static final class TestSecurityContextHolderPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private SecurityContext EMPTY = SecurityContextHolder.createEmptyContext();
@@ -831,7 +831,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class SecurityContextRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+	private static final class SecurityContextRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private final SecurityContext securityContext;
@@ -856,7 +856,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @since 4.0
 	 *
 	 */
-	private final static class AuthenticationRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+	private static final class AuthenticationRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private final Authentication authentication;
@@ -883,7 +883,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	private final static class UserDetailsRequestPostProcessor implements RequestPostProcessor {
+	private static final class UserDetailsRequestPostProcessor implements RequestPostProcessor {
 
 		private final RequestPostProcessor delegate;
 
@@ -908,7 +908,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Rob Winch
 	 * @since 4.0
 	 */
-	public final static class UserRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
+	public static final class UserRequestPostProcessor extends SecurityContextRequestPostProcessorSupport
 			implements RequestPostProcessor {
 
 		private String username;
@@ -1046,7 +1046,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
-	public final static class JwtRequestPostProcessor implements RequestPostProcessor {
+	public static final class JwtRequestPostProcessor implements RequestPostProcessor {
 
 		private Jwt jwt;
 
@@ -1137,7 +1137,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OpaqueTokenRequestPostProcessor implements RequestPostProcessor {
+	public static final class OpaqueTokenRequestPostProcessor implements RequestPostProcessor {
 
 		private Supplier<Map<String, Object>> attributes = this::defaultAttributes;
 
@@ -1265,7 +1265,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2LoginRequestPostProcessor implements RequestPostProcessor {
+	public static final class OAuth2LoginRequestPostProcessor implements RequestPostProcessor {
 
 		private final String nameAttributeKey = "sub";
 
@@ -1393,7 +1393,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OidcLoginRequestPostProcessor implements RequestPostProcessor {
+	public static final class OidcLoginRequestPostProcessor implements RequestPostProcessor {
 
 		private ClientRegistration clientRegistration;
 
@@ -1541,7 +1541,7 @@ public final class SecurityMockMvcRequestPostProcessors {
 	 * @author Josh Cummings
 	 * @since 5.3
 	 */
-	public final static class OAuth2ClientRequestPostProcessor implements RequestPostProcessor {
+	public static final class OAuth2ClientRequestPostProcessor implements RequestPostProcessor {
 
 		private String registrationId = "test";
 
@@ -1638,9 +1638,9 @@ public final class SecurityMockMvcRequestPostProcessors {
 		 */
 		private static final class TestOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
 
-			final static String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
+			static final String TOKEN_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
 
-			final static String ENABLED_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName()
+			static final String ENABLED_ATTR_NAME = TestOAuth2AuthorizedClientManager.class.getName()
 					.concat(".ENABLED");
 
 			private final OAuth2AuthorizedClientManager delegate;

test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java

@@ -60,7 +60,7 @@ public final class SecurityMockMvcResultMatchers {
 		return new UnAuthenticatedMatcher();
 	}
 
-	private static abstract class AuthenticationMatcher<T extends AuthenticationMatcher<T>> implements ResultMatcher {
+	private abstract static class AuthenticationMatcher<T extends AuthenticationMatcher<T>> implements ResultMatcher {
 
 		protected SecurityContext load(MvcResult result) {
 			HttpRequestResponseHolder holder = new HttpRequestResponseHolder(result.getRequest(), result.getResponse());

web/src/main/java/org/springframework/security/web/FilterChainProxy.java

@@ -143,7 +143,7 @@ public class FilterChainProxy extends GenericFilterBean {
 
 	private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
 
-	private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
+	private static final String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
 
 	private List<SecurityFilterChain> filterChains;
 

web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java

@@ -45,7 +45,7 @@ import org.springframework.util.Assert;
 public final class ExpressionBasedFilterInvocationSecurityMetadataSource
 		extends DefaultFilterInvocationSecurityMetadataSource {
 
-	private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
+	private static final Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
 
 	public ExpressionBasedFilterInvocationSecurityMetadataSource(
 			LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap,

web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java

@@ -41,7 +41,7 @@ import org.springframework.util.StringUtils;
  */
 public final class RegexRequestMatcher implements RequestMatcher {
 
-	private final static Log logger = LogFactory.getLog(RegexRequestMatcher.class);
+	private static final Log logger = LogFactory.getLog(RegexRequestMatcher.class);
 
 	private final Pattern pattern;
 

web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java

@@ -62,7 +62,7 @@ import static org.mockito.Mockito.verify;
  */
 public class SwitchUserFilterTests {
 
-	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+	private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 
 	@Rule
 	public ExpectedException thrown = ExpectedException.none();