diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java index a86081a3c6..19cf8d0f9b 100644 --- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java @@ -38,8 +38,7 @@ import org.springframework.security.core.Authentication; *

* This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link * #processConfigAttribute}. The provider will then lookup the ACLs from the AclService and ensure the - * principal is {@link org.springframework.security.acls.Acl#isGranted(List, - * List, boolean) Acl.isGranted(Permission[], Sid[], boolean)} + * principal is {@link org.springframework.security.acls.model.Acl#isGranted(List, List, boolean) Acl.isGranted()} * when presenting the {@link #requirePermission} array to that method. *

* If the principal does not have permission, that element will not be included in the returned diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java index 57f57598f2..4d120dc4a6 100644 --- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java @@ -39,11 +39,10 @@ import org.springframework.security.core.SpringSecurityMessageSource; *

* This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link * #processConfigAttribute}. The provider will then lookup the ACLs from the AclService and ensure the - * principal is {@link org.springframework.security.acls.Acl#isGranted(List, - List, boolean) Acl.isGranted(Permission[], Sid[], boolean)} - * when presenting the {@link #requirePermission} array to that method. + * principal is {@link org.springframework.security.acls.model.Acl#isGranted(List, List, boolean) + * Acl.isGranted(List, List, boolean)} when presenting the {@link #requirePermission} array to that method. *

- * Often users will setup an AclEntryAfterInvocationProvider with a {@link + * Often users will set up an AclEntryAfterInvocationProvider with a {@link * #processConfigAttribute} of AFTER_ACL_READ and a {@link #requirePermission} of * BasePermission.READ. These are also the defaults. *

diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java index b8693fd8aa..d7b35aac48 100644 --- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java +++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java @@ -155,10 +155,10 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS } /** - * Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is - * true. + * Retrieves the primary key from {@code acl_class}, creating a new row if needed and the + * {@code allowCreate} property is {@code true}. * - * @param clazz to find or create an entry for (this implementation uses the fully-qualified class name String) + * @param type to find or create an entry for (often the fully-qualified class name) * @param allowCreate true if creation is permitted if not found * * @return the primary key or null if not found diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java b/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java index 110bf22d02..9ae2b4fd79 100644 --- a/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java +++ b/acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java @@ -13,7 +13,7 @@ public abstract class AclDataAccessException extends RuntimeException { * message and root cause. * * @param msg the detail message - * @param t the root cause + * @param cause the root cause */ public AclDataAccessException(String msg, Throwable cause) { super(msg, cause); diff --git a/acl/src/main/java/org/springframework/security/acls/model/AclService.java b/acl/src/main/java/org/springframework/security/acls/model/AclService.java index 80c2c6568f..a54d05c171 100644 
--- a/acl/src/main/java/org/springframework/security/acls/model/AclService.java +++ b/acl/src/main/java/org/springframework/security/acls/model/AclService.java @@ -37,7 +37,7 @@ public interface AclService { List findChildren(ObjectIdentity parentIdentity); /** - * Same as {@link #readAclsById(Java.util.List)} except it returns only a single Acl. + * Same as {@link #readAclsById(List)} except it returns only a single Acl. *

* This method should not be called as it does not leverage the underlying implementation's potential ability to * filter Acl entries based on a {@link Sid} parameter.

diff --git a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java index 2b8130ad31..e6609c52a8 100644 --- a/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java +++ b/acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java @@ -4,7 +4,7 @@ import java.io.Serializable; /** - * Strategy which creates an ObjectIdentity from an object identifier (such as a primary key) + * Strategy which creates an {@link ObjectIdentity} from an object identifier (such as a primary key) * and type information. *

* Differs from {@link ObjectIdentityRetrievalStrategy} in that it is used in situations when the actual object @@ -18,8 +18,8 @@ public interface ObjectIdentityGenerator { /** * * @param id the identifier of the domain object, not null - * @param type the type of the object (usually a class name), not null - * @return + * @param type the type of the object (often a class name), not null + * @return the identity constructed using the supplied identifier and type information. */ ObjectIdentity createObjectIdentity(Serializable id, String type); diff --git a/build.gradle b/build.gradle index 0997a8cd93..5efe1e9946 100644 --- a/build.gradle +++ b/build.gradle @@ -142,6 +142,7 @@ def docsDir = new File(project(':manual').buildDir, 'docs') task apidocs(type: Javadoc) { destinationDir = new File(buildDir, 'apidocs') + title = "Spring Security $version API" optionsFile = file("$buildDir/tmp/javadoc.options") source coreModuleProjects().collect { project -> @@ -240,8 +241,12 @@ def sampleProjects() { subprojects.findAll { project -> project.name.startsWith('spring-security-samples') } } +def itestProjects() { + subprojects.findAll { project -> project.name.startsWith('itest') } +} + def coreModuleProjects() { - javaProjects() - sampleProjects() + javaProjects() - sampleProjects() - itestProjects() } def releaseType() { diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsServiceWrapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsServiceWrapper.java index 7f2f523358..d6afdddb19 100755 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsServiceWrapper.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsServiceWrapper.java 
@@ -21,11 +21,11 @@ import org.springframework.dao.DataAccessException; /** * This class wraps Spring Security's UserDetailsService in a way that its loadUserByUsername() - * method returns wrapped UserDetails that return all hierachically reachable authorities + * method returns wrapped UserDetails that return all hierarchically reachable authorities * instead of only the directly assigned authorities. * * @author Michael Mayr - * @deprecated use a {@link RoleHierarchyVoter} instead of populating the user Authentication object + * @deprecated use a {@code RoleHierarchyVoter} instead of populating the user Authentication object * with the additional authorities. */ public class UserDetailsServiceWrapper implements UserDetailsService { @@ -52,4 +52,4 @@ public class UserDetailsServiceWrapper implements UserDetailsService { return userDetailsService; } -} \ No newline at end of file +} diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java index f79fa2726f..59142472f0 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java +++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java @@ -25,16 +25,11 @@ import org.springframework.security.core.Authentication; * Reviews the Object returned from a secure object invocation, * being able to modify the Object or throw an {@link * AccessDeniedException}. - * *

* Typically used to ensure the principal is permitted to access the domain * object instance returned by a service layer bean. Can also be used to * mutate the domain object instance so the principal is only able to access - * authorised bean properties or Collection elements. Often used - * in conjunction with an {@link org.springframework.security.acl.AclManager} to - * obtain the access control list applicable for the domain object instance. - *

- * + * authorised bean properties or Collection elements. *

* Special consideration should be given to using an * AfterInvocationManager on bean methods that modify a database. diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java index a11a8240ad..e3b71d4b5d 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java +++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java @@ -34,11 +34,12 @@ import org.springframework.util.Assert; *

* Handles configuration of a bean context defined list of {@link AfterInvocationProvider}s. *

- * Every AfterInvocationProvider will be polled when the {@link #decide(Authentication, Object, - * List, Object)} method is called. The Object returned from each provider will be - * presented to the successive provider for processing. This means each provider must ensure they return the - * Object, even if they are not interested in the "after invocation" decision (perhaps as the secure - * object invocation did not include a configuration attribute a given provider is configured to respond to). + * Every AfterInvocationProvider will be polled when the + * {@link #decide(Authentication, Object, Collection, Object)} method is called. The Object returned + * from each provider will be presented to the successive provider for processing. This means each provider + * must ensure they return the Object, even if they are not interested in the "after invocation" + * decision (perhaps as the secure object invocation did not include a configuration attribute a given provider is + * configured to respond to). * * @author Ben Alex */ diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java index 1c6ccc67ef..b534828eb2 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java @@ -36,8 +36,7 @@ import org.springframework.util.Assert; * Because the AOP framework caches advice calculations, this is normally faster than just letting the * MethodSecurityInterceptor run and find out itself that it has no work to do. *

- * This class also allows the use of Spring's - * {@link org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator}, which makes + * This class also allows the use of Spring's {@code DefaultAdvisorAutoProxyCreator}, which makes * configuration easier than setup a ProxyFactoryBean for each object requiring security. Note that * autoproxying is not supported for BeanFactory implementations, as post-processing is automatic only for application * contexts. @@ -74,8 +73,8 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor * bean name should be set. This prevents eager instantiation of the interceptor * (and hence the AuthenticationManager). See SEC-773, for example. *

- * This is essentially the approach taken by subclasses of {@link AbstractBeanFactoryPointcutAdvisor}, which this - * class should extend in future. The original hierarchy and constructor have been retained for backwards + * This is essentially the approach taken by subclasses of Spring's {@code AbstractBeanFactoryPointcutAdvisor}, + * which this class should extend in future. The original hierarchy and constructor have been retained for backwards * compatibility. * * @param adviceBeanName name of the MethodSecurityInterceptor bean diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java index 252d4d027d..a910f8b15e 100755 --- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java +++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java @@ -30,7 +30,7 @@ public class AuthenticationDetails implements Serializable { /** * Provided so that subclasses can populate additional information. * - * @param request that the authentication request was received from + * @param context the existing contextual information */ protected void doPopulateAdditionalInformation(Object context) {} diff --git a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java index c0b36b25ed..1e794edd5a 100644 --- a/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java +++ b/core/src/main/java/org/springframework/security/authentication/InsufficientAuthenticationException.java @@ -23,9 +23,9 @@ import org.springframework.security.core.AuthenticationException; *

* {@link org.springframework.security.access.AccessDecisionVoter}s will typically throw this exception if * they are dissatisfied with the level of the authentication, such as if performed using a remember-me mechanism or - * anonymously. The commonly used {@link org.springframework.security.web.ExceptionTranslationFilter} will thus cause - * the AuthenticationEntryPoint to be called, allowing the principal to authenticate with a stronger - * level of authentication.

+ * anonymously. The commonly used {@link org.springframework.security.web.access.ExceptionTranslationFilter + * ExceptionTranslationFilter} will thus cause the AuthenticationEntryPoint to be called, allowing + * the principal to authenticate with a stronger level of authentication. * * @author Ben Alex */ diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java index 9e2c87ab31..aac91b6ecc 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java @@ -323,8 +323,8 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli * Publishes the {@link JaasAuthenticationFailedEvent}. Can be overridden by subclasses for different * functionality * - * @param token The {@link UsernamePasswordAuthenticationToken} being processed - * @param ase The {@link SpringSecurityException} that caused the failure + * @param token The authentication token being processed + * @param ase The excetion that caused the authentication failure */ protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) { applicationEventPublisher.publishEvent(new JaasAuthenticationFailedEvent(token, ase)); @@ -334,7 +334,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli * Publishes the {@link JaasAuthenticationSuccessEvent}. Can be overridden by subclasses for different * functionality. * - * @param token The {@link UsernamePasswordAuthenticationToken} being processed + * @param token The token being processed */ protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token) { if (applicationEventPublisher != null) { 
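Review bot: The rewritten `@param ase` line in the `publishFailureEvent` Javadoc misspells "exception" as "excetion"; it should read `@param ase The exception that caused the authentication failure`. The context lines of these two hunks also show an asymmetry worth documenting or fixing: `publishSuccessEvent` checks `applicationEventPublisher != null` before publishing, while `publishFailureEvent` calls `applicationEventPublisher.publishEvent(...)` unconditionally. If the publisher can be unset (not visible here), a failed login would raise a NullPointerException instead of producing the failure event that audit listeners rely on. A matching guard, `if (applicationEventPublisher != null) {`, around the failure publish would keep the two methods consistent.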
@@ -425,11 +425,11 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli /** * If set, a call to {@code Configuration#refresh()} will be made by {@code #configureJaas(Resource) } - * method. Defaults to {@literal true}. + * method. Defaults to {@code true}. * * @see SEC-1230 * - * @param refreshConfigurationOnStartup set to {@literal false} to disable reloading of the configuration. + * @param refresh set to {@code false} to disable reloading of the configuration. * May be useful in some environments. */ public void setRefreshConfigurationOnStartup(boolean refresh) { diff --git a/core/src/main/java/org/springframework/security/core/Authentication.java b/core/src/main/java/org/springframework/security/core/Authentication.java index 0f5002d79c..7d39bd4121 100644 --- a/core/src/main/java/org/springframework/security/core/Authentication.java +++ b/core/src/main/java/org/springframework/security/core/Authentication.java @@ -31,7 +31,7 @@ import org.springframework.security.core.context.SecurityContextHolder; * Once the request has been authenticated, the Authentication will usually be stored in a thread-local * SecurityContext managed by the {@link SecurityContextHolder} by the authentication mechanism which is * being used. An explicit authentication can be achieved, without using one of Spring Security's authentication - * mechanisms, by creating an Authentication instance and using the code: + * mechanisms, by creating an Authentication instance and using the code: * *
  * SecurityContextHolder.getContext().setAuthentication(anAuthentication);
@@ -84,14 +84,14 @@ public interface Authentication extends Principal, Serializable {
      * 

* The AuthenticationManager implementation will often return an Authentication containing * richer information as the principal for use by the application. Many of the authentication providers will - * create a {@link UserDetails} object as the principal. + * create a {@code UserDetails} object as the principal. * * @return the Principal being authenticated or the authenticated principal after authentication. */ Object getPrincipal(); /** - * Used to indicate to AbstractSecurityInterceptor whether it should present the + * Used to indicate to {@code AbstractSecurityInterceptor} whether it should present the * authentication token to the AuthenticationManager. Typically an AuthenticationManager * (or, more often, one of its AuthenticationProviders) will return an immutable authentication token * after successful authentication, in which case that token can safely return true to this method. diff --git a/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java index 434106b8e4..ac755e0884 100755 --- a/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java +++ b/core/src/main/java/org/springframework/security/core/authority/mapping/Attributes2GrantedAuthoritiesMapper.java @@ -20,7 +20,7 @@ public interface Attributes2GrantedAuthoritiesMapper { * GrantedAuthorities, all attributes can be mapped to a single Spring Security * GrantedAuthority, some attributes may not be mapped, etc. * - * @param attribute the attributes to be mapped + * @param attributes the attributes to be mapped * @return the list of mapped GrantedAuthorities */ public List getGrantedAuthorities(Collection attributes); 
diff --git a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java index 6d38bbb907..e60bdf2f0f 100644 --- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java +++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java @@ -19,8 +19,9 @@ import org.springframework.security.core.Authentication; /** - * Base implementation of {@link SecurityContext}.

Used by default by {@link SecurityContextHolder} and {@link - * HttpSessionContextIntegrationFilter}.

+ * Base implementation of {@link SecurityContext}. + *

+ * Used by default by {@link SecurityContextHolder} strategies. * * @author Ben Alex */ diff --git a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java index 6c66a0002d..6b34903f56 100644 --- a/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java +++ b/core/src/main/java/org/springframework/security/core/session/SessionDestroyedEvent.java @@ -24,8 +24,7 @@ public abstract class SessionDestroyedEvent extends ApplicationEvent { public abstract SecurityContext getSecurityContext(); /** - * The identifier associated with the destroyed session. - * @return + * @return the identifier associated with the destroyed session. */ public abstract String getId(); } diff --git a/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java b/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java index 98e0272931..b61f519032 100644 --- a/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java +++ b/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java @@ -18,16 +18,8 @@ package org.springframework.security.core.session; /** * Implemented by {@link org.springframework.security.core.Authentication#getDetails()} * implementations that are capable of returning a session ID. - * *

- * This interface is used by {@link - * org.springframework.security.authentication.concurrent.SessionRegistryUtils} to extract the session - * ID from an Authentication object. In turn, - * SessionRegistryUtils is used by {@link - * ConcurrentSessionControllerImpl}. If not using this latter implementation, - * you do not need the Authentication.getDetails() object to - * implement SessionIdentifierAware. - *

+ * Used to extract the session ID from an Authentication object. * * @author Ben Alex */ diff --git a/core/src/main/java/org/springframework/security/core/token/Token.java b/core/src/main/java/org/springframework/security/core/token/Token.java index 3cf22b7020..8547d74840 100644 --- a/core/src/main/java/org/springframework/security/core/token/Token.java +++ b/core/src/main/java/org/springframework/security/core/token/Token.java @@ -31,7 +31,7 @@ public interface Token { * token must never have this creation time changed. If necessary, a new token can be * requested from the {@link TokenService} to replace the original token. * - * @return the time this token key was created, in the same format as specified by {@link Date#getTime()). + * @return the time this token key was created, in the same format as specified by {@link java.util.Date#getTime()}. */ long getKeyCreationTime(); diff --git a/core/src/main/java/org/springframework/security/core/token/TokenService.java b/core/src/main/java/org/springframework/security/core/token/TokenService.java index 5101cc5917..f5327a0529 100644 --- a/core/src/main/java/org/springframework/security/core/token/TokenService.java +++ b/core/src/main/java/org/springframework/security/core/token/TokenService.java @@ -29,9 +29,10 @@ public interface TokenService { /** * Forces the allocation of a new {@link Token}. * - * @param the extended information desired in the token (cannot be null, but can be empty) + * @param extendedInformation the extended information desired in the token + * (cannot be null, but can be empty) * @return a new token that has not been issued previously, and is guaranteed to be recognised - * by this implementation's {@link #verifyToken(String)} at any future time. + * by this implementation's {@link #verifyToken(String)} at any future time. */ Token allocateToken(String extendedInformation); 
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java index 02503891be..a6da6f86f0 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/UserCache.java @@ -15,7 +15,6 @@ package org.springframework.security.core.userdetails; - /** * Provides a cache of {@link UserDetails} objects. * @@ -30,7 +29,7 @@ package org.springframework.security.core.userdetails; * a database or other persistent storage mechanism to validate would be excessive. In this case, you would configure * a cache to store the UserDetails information rather than loading it each time. * - * @see {@link org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider} + * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider * * @author Ben Alex */ diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java index 63975ce380..b16c1c5595 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java @@ -41,7 +41,7 @@ public interface UserDetailsService { * UserDetails object that comes back may have a username that is of a different case than what was * actually requested.. * - * @param username the username presented to the {@link DaoAuthenticationProvider} + * @param username the username identifying the user whose data is required. * * @return a fully populated user record (never null) * 
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java index ef5c801c79..cf1642c2ab 100755 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java @@ -22,14 +22,14 @@ import javax.naming.ldap.Control; * * A Password Policy request control. *

- * Based on the information in the corresponding internet draft on LDAP password policy. + * Based on the information in the corresponding + * + * internet draft on LDAP password policy * * @author Stefan Zoerner * @author Luke Taylor * * @see PasswordPolicyResponseControl - * @see Password Policy for LDAP - * Directories */ public class PasswordPolicyControl implements Control { //~ Static fields/initializers ===================================================================================== diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java index 3b7ed31d89..398789cc73 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java +++ b/ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java @@ -33,7 +33,7 @@ import org.springframework.util.Assert; /** * Provides lifecycle services for the embedded apacheDS server defined by the supplied configuration. - * Used by {@link LdapServerBeanDefinitionParser}. An instance will be stored in the application context for + * Used by {code LdapServerBeanDefinitionParser}. An instance will be stored in the application context for * each embedded server instance. It will start the server when the context is initialized and shut it down when * it is closed. It is intended for temporary embedded use and will not retain changes across start/stop boundaries. The * working directory is deleted on shutdown. diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java index e626888fac..4522981ec7 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java 
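Review bot: The new class-comment line in ApacheDSContainer, `Used by {code LdapServerBeanDefinitionParser}`, is missing the `@`, so Javadoc will print the braces and the word "code" literally instead of rendering an inline code tag. It should be `Used by {@code LdapServerBeanDefinitionParser}`, matching the `{@code ...}` form used in the other files of this commit. The class comment begins inside the hunk and its closing lines are outside it.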
@@ -273,7 +273,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing /** * Specifies any extra parameters submitted along with the identity field which should be appended to the - * {@literal return_to} URL which is assembled by {@link #buildReturnToUrl}. + * {@code return_to} URL which is assembled by {@link #buildReturnToUrl}. * * @param returnToUrlParameters * the set of parameter names. If not set, it will default to the parameter name used by the diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java index 2f5da33b21..d8d7f4902d 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java @@ -16,19 +16,12 @@ package org.springframework.security.taglibs.velocity; +import org.springframework.context.ApplicationContext; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.taglibs.authz.AuthenticationTag; -import org.springframework.security.taglibs.authz.LegacyAuthorizeTag; - - -import org.springframework.context.ApplicationContext; /** - * Wrapper the implementation of Spring Security JSP tag includes: - * {@link AuthenticationTag}, {@link AclTag}, {@link LegacyAuthorizeTag} - * * @author Wang Qi */ public interface Authz { diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java index b4de6121e5..403c153c71 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java 
@@ -73,13 +73,6 @@ public class AuthzImpl implements Authz { /** * implementation of LegacyAuthorizeTag - * - * @param roles DOCUMENT ME! - * @param grantType DOCUMENT ME! - * - * @return DOCUMENT ME! - * - * @throws IllegalArgumentException DOCUMENT ME! */ private boolean ifGranted(String roles, int grantType) { LegacyAuthorizeTag authorizeTag = new LegacyAuthorizeTag(); diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java index c50a8edca8..8e3215fd3a 100644 --- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java +++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java @@ -26,9 +26,9 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint { private PortMapper portMapper = new PortMapperImpl(); private PortResolver portResolver = new PortResolverImpl(); /** The scheme ("http://" or "https://") */ - private String scheme; + private final String scheme; /** The standard port for the scheme (80 for http, 443 for https) */ - private int standardPort; + private final int standardPort; //~ Constructors =================================================================================================== 
@@ -39,9 +39,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint { //~ Methods ======================================================================================================== - public void commence(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { - HttpServletRequest request = (HttpServletRequest) req; - + public void commence(HttpServletRequest request, HttpServletResponse res) throws IOException, ServletException { String pathInfo = request.getPathInfo(); String queryString = request.getQueryString(); String contextPath = request.getContextPath(); @@ -64,7 +62,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint { logger.debug("Redirecting to: " + redirectUrl); } - ((HttpServletResponse) res).sendRedirect(((HttpServletResponse) res).encodeRedirectURL(redirectUrl)); + res.sendRedirect(res.encodeRedirectURL(redirectUrl)); } protected abstract Integer getMappedPort(Integer mapFromPort); diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java index f65475c998..f6cf0bf3dc 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java @@ -36,15 +36,12 @@ import org.springframework.security.web.util.UrlMatcher; * Stores an ordered map of compiled URL paths to ConfigAttribute lists and provides URL matching * against the items stored in this map using the configured UrlMatcher. *
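Review bot: The debug statement `logger.debug("Redirecting to: " + redirectUrl);` just above the simplified `sendRedirect` call writes the complete redirect target to the log, and `commence` reads `request.getQueryString()` in the preceding hunk. If that query string is appended to `redirectUrl` (the lines that assemble it are outside both hunks), request parameters such as tokens end up in debug logs. Logging only the part before the `?` avoids that, assuming `redirectUrl` is a `String`: `logger.debug("Redirecting to: " + redirectUrl.split("\\?", 2)[0]);`. As a smaller style point, the rename leaves `request` next to `res`; `response` would match. The body of `commence` starts and continues outside these hunks.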

- * The order of registering the regular expressions using the - * {@link #addSecureUrl(String, List)} is very important. - * The system will identify the first matching regular - * expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already - * been found. Accordingly, the most specific regular expressions should be registered first, with the most general - * regular expressions registered last. + * The order of the URL paths in the map is very important. + * The system will identify the first matching path for a given HTTP URL. It will not proceed to evaluate + * later paths if a match has already been found. Accordingly, the most specific matches should be + * registered first, with the most general matches registered last. *

- * If URLs are registered for a particular HTTP method using - * {@link #addSecureUrl(String, String, List)}, then the method-specific matches will take + * If URL paths are registered for a particular HTTP method using, then the method-specific matches will take * precedence over any URLs which are registered without an HTTP method. * * @author Ben Alex diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index b6dc548991..67db2d257d 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java @@ -166,11 +166,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt * to perform the authentication. There are then three possible outcomes: *
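Review bot: The rewritten class Javadoc sentence `If URL paths are registered for a particular HTTP method using, then the method-specific matches will take` is left with a dangling "using," where the `{@link #addSecureUrl(String, String, List)}` reference was removed. This paragraph tells readers which access rule wins when a method-specific and a method-agnostic path both match, so it should read unambiguously: `* If URL paths are registered for a particular HTTP method, then the method-specific matches will take`. The class body itself is outside the hunk.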

    *
  1. An Authentication object is returned. - * The {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - * successfulAuthentication} method will be invoked
  2. + * The configured {link SessionAuthenticationStrategy} will be invoked followed by the + * {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) + * successfulAuthentication} method *
  3. An AuthenticationException occurs during authentication. - * The {@link #unSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - * unSuccessfulAuthentication} method will be invoked
  4. + * The {@link #unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) + * unsuccessfulAuthentication} method will be invoked *
  5. Null is returned, indicating that the authentication process is incomplete. * The method will then return immediately, assuming that the subclass has done any necessary work (such as * redirects) to continue the authentication process. The assumption is that a later request will be received diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java index ff71df2c80..4d761c541a 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java @@ -18,7 +18,6 @@ import org.springframework.security.core.Authentication; * * @author Luke Taylor * @since 3.0 - * @see */ public interface AuthenticationSuccessHandler { diff --git a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java index cee2631601..ed6d97db30 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java @@ -25,8 +25,11 @@ import org.springframework.security.core.Authentication; * Implement by a class that is capable of providing a remember-me service. * *
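Review bot: The added Javadoc line `The configured {link SessionAuthenticationStrategy} will be invoked followed by the` is missing the `@`, so the tag is emitted as literal text instead of a link. It should be `{@link SessionAuthenticationStrategy}`. That reference resolves only if the type is imported or written fully qualified in this file, which the hunk does not show, so the import is worth checking when fixing the tag. The method this comment documents starts outside the hunk.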

    - * Spring Security filters (namely {@link org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter} and - * {@link RememberMeAuthenticationFilter} will call the methods provided by an implementation of this interface. + * Spring Security filters (namely + * {@link org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter + * AbstractAuthenticationProcessingFilter} and + * {@link org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter + * RememberMeAuthenticationFilter} will call the methods provided by an implementation of this interface. *

    * Implementations may implement any type of remember-me capability they wish. * Rolling cookies (as per diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java index f578ead0b1..05052fef00 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java @@ -38,7 +38,8 @@ import org.springframework.util.StringUtils; * If a {@link DefaultSavedRequest} is found in the RequestCache (as set by the {@link ExceptionTranslationFilter} to * record the original destination before the authentication process commenced), a redirect will be performed to the * Url of that original destination. The DefaultSavedRequest object will remain cached and be picked up - * when the redirected request is received (See {@link SavedRequestAwareWrapper}). + * when the redirected request is received + * (See {@link org.springframework.security.web.savedrequest.SavedRequestAwareWrapper SavedRequestAwareWrapper}). *

  6. *
  7. * If no DefaultSavedRequest is found, it will delegate to the base class. diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java index 96dd5a4fc4..6a78758267 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java @@ -35,10 +35,10 @@ import org.springframework.util.Assert; * Login forms must present two parameters to this filter: a username and * password. The default parameter names to use are contained in the * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}. - * The parameter names can also be changed by setting the {@literal usernameParameter} and {@literal passwordParameter} + * The parameter names can also be changed by setting the {@code usernameParameter} and {@code passwordParameter} * properties. *

    - * This filter by default responds to the URL {@literal /j_spring_security_check}. + * This filter by default responds to the URL {@code /j_spring_security_check}. * * @author Ben Alex * @author Colin Sampaleanu diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java index 5248bd9fb2..43495c239a 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java @@ -22,11 +22,6 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT * org.springframework.security.core.Authentication#isAuthenticated()} will return * false. * - * @TODO Should we have only a single credentials parameter here? For - * example for X509 the certificate is used as credentials, while - * currently a J2EE username is specified as a principal but could as - * well be set as credentials. - * * @param aPrincipal * The pre-authenticated principal * @param aCredentials diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java index 9e9ee3cc0b..204e9b26b6 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java 
@@ -25,16 +25,6 @@ public class PreAuthenticatedGrantedAuthoritiesAuthenticationDetails extends Aut super(context); } - /** - * @return The String representation of this object. - */ - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append(super.toString() + "; "); - sb.append("preAuthenticatedGrantedAuthorities: " + preAuthenticatedGrantedAuthorities); - return sb.toString(); - } - /** * * @see org.springframework.security.core.authority.GrantedAuthoritiesContainer#getGrantedAuthorities() @@ -46,9 +36,19 @@ public class PreAuthenticatedGrantedAuthoritiesAuthenticationDetails extends Aut } /** - * @see org.springframework.security.core.authority.MutableGrantedAuthoritiesContainer#setGrantedAuthorities() + * @see MutableGrantedAuthoritiesContainer#setGrantedAuthorities(List) */ public void setGrantedAuthorities(List aJ2eeBasedGrantedAuthorities) { this.preAuthenticatedGrantedAuthorities = Collections.unmodifiableList(aJ2eeBasedGrantedAuthorities); } + + /** + * @return The String representation of this object. + */ + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append(super.toString() + "; "); + sb.append("preAuthenticatedGrantedAuthorities: " + preAuthenticatedGrantedAuthorities); + return sb.toString(); + } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java index 54709faa38..9fffbc69ba 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java 
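Review bot: `setGrantedAuthorities` in the second hunk stores `Collections.unmodifiableList(aJ2eeBasedGrantedAuthorities)`, which is a read-only view over the caller's list rather than a copy. A caller that keeps the original reference can therefore still change the authorities held by this details object after they have been set. Copying before wrapping closes that gap: `this.preAuthenticatedGrantedAuthorities = Collections.unmodifiableList(new ArrayList(aJ2eeBasedGrantedAuthorities));`. This needs `java.util.ArrayList` among the file's imports, which are not visible here, and should keep whatever element type the real declaration uses. The relocated `toString()` is unchanged apart from its position.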
@@ -11,15 +11,15 @@ import javax.servlet.http.HttpServletRequest; /** * Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling - * {@link HttpServletRequest#isUserInRole(String)}) into GrantedAuthoritys and stores these in the authentication - * details object (. + * {@link HttpServletRequest#isUserInRole(String)}) into {@code GrantedAuthority}s and stores these in the authentication + * details object. * * @author Ruud Senden * @since 2.0 */ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends AbstractPreAuthenticatedAuthenticationDetailsSource { /** - * Public constructor which overrides the default AuthenticationDetails + * Public constructor which overrides the default {@code WebAuthenticationDetails} * class to be used. */ public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() { @@ -30,10 +30,6 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Abs /** * Obtains the list of user roles based on the current user's J2EE roles. - * - * @param request The request against which isUserInRole will be called for each role name - * returned by the MappableAttributesRetriever. - * @return GrantedAuthority[] mapped from the user's J2EE roles. */ protected Collection getUserRoles(Object context, Set mappableRoles) { ArrayList j2eeUserRolesList = new ArrayList(); diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategy.java index 513e120c56..ae9f14ce3f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategy.java +++ b/web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategy.java 
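Review bot: With the stale `@param request` and `@return GrantedAuthority[]` tags removed in the second hunk, `getUserRoles(Object context, Set mappableRoles)` is left with no parameter or return documentation at all. Tags matching the current signature would keep the contract readable, for example `@param context the object the role checks are made against`, `@param mappableRoles the role names to test` and `@return the roles from mappableRoles that the user holds`. Going by the class Javadoc, `context` is presumably the `HttpServletRequest` on which `isUserInRole` is called. The method body continues outside the hunk, so that wording should be confirmed against it.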
@@ -115,7 +115,6 @@ public class ConcurrentSessionControlStrategy extends SessionFixationProtectionS /** * Allows subclasses to customise behaviour when too many sessions are detected. * - * @param sessionId the session ID of the present request * @param sessions either null or all unexpired sessions associated with the principal * @param allowableSessions the number of concurrent sessions the user is allowed to have * @param registry an instance of the SessionRegistry for subclass use diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java index 2f4f5d0d56..89521f3615 100644 --- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java @@ -42,7 +42,7 @@ import org.springframework.util.ReflectionUtils; * ensure that the allowSessionCreation property of this class is set to true (the default). *

    * If for whatever reason no {@code HttpSession} should ever be created (for example, if - * Basic authentication is being used or similar clients that will never present the same {@literal jsessionid}), then + * Basic authentication is being used or similar clients that will never present the same {@code jsessionid}), then * {@link #setAllowSessionCreation(boolean) allowSessionCreation} should be set to false. * Only do this if you really need to conserve server memory and ensure all classes using the * {@code SecurityContextHolder} are designed to have no persistence of the {@code SecurityContext} diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java index ec7f033819..378d30ca28 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCache.java @@ -22,7 +22,8 @@ public interface RequestCache { /** * Returns the saved request, leaving it cached. - * @param currentRequest the current + * + * @param request the current request * @return the saved request which was previously cached, or null if there is none. */ SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response); @@ -39,8 +40,9 @@ public interface RequestCache { HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response); /** - * Removes the cached request - * @param currentRequest + * Removes the cached request. + * + * @param request the current request, allowing access to the cache. */ void removeRequest(HttpServletRequest request, HttpServletResponse response); diff --git a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java index fd131a589a..b339c4a542 100644 
--- a/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java +++ b/web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java @@ -1,11 +1,11 @@ package org.springframework.security.web.util; /** - * Internal utility for escaping characters in HTML strings. + * Internal utility for escaping + * characters in HTML strings. * * @author Luke Taylor * - * @see http://www.owasp.org/index.php/How_to_perform_HTML_entity_encoding_in_Java */ public abstract class TextEscapeUtils {