Code Cleanup

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java

@@ -115,15 +115,8 @@ public boolean equals(final Object obj) {
 		if (!super.equals(obj)) {
 			return false;
 		}
-		if (obj instanceof CasAuthenticationToken) {
-			CasAuthenticationToken test = (CasAuthenticationToken) obj;
-			if (!this.assertion.equals(test.getAssertion())) {
-				return false;
-			}
-			if (this.getKeyHash() != test.getKeyHash()) {
-				return false;
-			}
-			return true;
+		if (obj instanceof CasAuthenticationToken test) {
+			return this.assertion.equals(test.getAssertion()) && this.getKeyHash() == test.getKeyHash();
 		}
 		return false;
 	}

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -3696,7 +3696,7 @@ public HttpSecurity securityMatcher(String... patterns) {
 	 * @throws Exception
 	 */
 	public HttpSecurity webAuthn(Customizer<WebAuthnConfigurer<HttpSecurity>> webAuthn) throws Exception {
-		webAuthn.customize(getOrApply(new WebAuthnConfigurer<HttpSecurity>()));
+		webAuthn.customize(getOrApply(new WebAuthnConfigurer<>()));
 		return HttpSecurity.this;
 	}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -179,8 +179,7 @@ private void registerDefaults(B http) {
 		allMatcher.setUseEquals(true);
 		RequestMatcher notHtmlMatcher = new NegatedRequestMatcher(
 				new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.TEXT_HTML));
-		RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(
-				Arrays.<RequestMatcher>asList(notHtmlMatcher, restMatcher));
+		RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(Arrays.asList(notHtmlMatcher, restMatcher));
 		RequestMatcher preferredMatcher = new OrRequestMatcher(
 				Arrays.asList(X_REQUESTED_WITH, restNotHtmlMatcher, allMatcher));
 		registerDefaultEntryPoint(http, preferredMatcher);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -326,8 +326,7 @@ private void registerDefaultEntryPoint(H http) {
 			allMatcher.setUseEquals(true);
 			RequestMatcher notHtmlMatcher = new NegatedRequestMatcher(
 					new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.TEXT_HTML));
-			RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(
-					Arrays.<RequestMatcher>asList(notHtmlMatcher, restMatcher));
+			RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(Arrays.asList(notHtmlMatcher, restMatcher));
 			RequestMatcher preferredMatcher = new OrRequestMatcher(
 					Arrays.asList(this.requestMatcher, X_REQUESTED_WITH, restNotHtmlMatcher, allMatcher));
 			exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, preferredMatcher);

config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java

@@ -26,7 +26,6 @@
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.ObservationAuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -73,7 +72,7 @@ public AuthenticationManager getObject() throws Exception {
 				provider.setPasswordEncoder(passwordEncoder);
 			}
 			provider.afterPropertiesSet();
-			ProviderManager manager = new ProviderManager(Arrays.<AuthenticationProvider>asList(provider));
+			ProviderManager manager = new ProviderManager(Arrays.asList(provider));
 			if (this.observationRegistry.isNoop()) {
 				return manager;
 			}

core/src/main/java/org/springframework/security/authentication/jaas/memory/InMemoryConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2016 the original author or authors.
+ * Copyright 2010-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,7 @@ public class InMemoryConfiguration extends Configuration {
 	 * {@link #getAppConfigurationEntry(String)}. Can be <code>null</code>.
 	 */
 	public InMemoryConfiguration(AppConfigurationEntry[] defaultConfiguration) {
-		this(Collections.<String, AppConfigurationEntry[]>emptyMap(), defaultConfiguration);
+		this(Collections.emptyMap(), defaultConfiguration);
 	}
 
 	/**

core/src/main/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscoverer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,7 +53,7 @@ public class DefaultSecurityParameterNameDiscoverer extends PrioritizedParameter
 	 * instances.
 	 */
 	public DefaultSecurityParameterNameDiscoverer() {
-		this(Collections.<ParameterNameDiscoverer>emptyList());
+		this(Collections.emptyList());
 	}
 
 	/**

core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 the original author or authors.
+ * Copyright 2015-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -60,11 +60,11 @@ public void setupModule(SetupContext context) {
 		context.setMixInAnnotations(AnonymousAuthenticationToken.class, AnonymousAuthenticationTokenMixin.class);
 		context.setMixInAnnotations(RememberMeAuthenticationToken.class, RememberMeAuthenticationTokenMixin.class);
 		context.setMixInAnnotations(SimpleGrantedAuthority.class, SimpleGrantedAuthorityMixin.class);
-		context.setMixInAnnotations(Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(),
+		context.setMixInAnnotations(Collections.unmodifiableSet(Collections.emptySet()).getClass(),
 				UnmodifiableSetMixin.class);
-		context.setMixInAnnotations(Collections.<Object>unmodifiableList(Collections.emptyList()).getClass(),
+		context.setMixInAnnotations(Collections.unmodifiableList(Collections.emptyList()).getClass(),
 				UnmodifiableListMixin.class);
-		context.setMixInAnnotations(Collections.<Object, Object>unmodifiableMap(Collections.emptyMap()).getClass(),
+		context.setMixInAnnotations(Collections.unmodifiableMap(Collections.emptyMap()).getClass(),
 				UnmodifiableMapMixin.class);
 		context.setMixInAnnotations(User.class, UserMixin.class);
 		context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class,

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java

@@ -34,7 +34,7 @@ abstract class JsonNodeUtils {
 	static final TypeReference<Set<String>> STRING_SET = new TypeReference<>() {
 	};
 
-	static final TypeReference<Map<String, Object>> STRING_OBJECT_MAP = new TypeReference<Map<String, Object>>() {
+	static final TypeReference<Map<String, Object>> STRING_OBJECT_MAP = new TypeReference<>() {
 	};
 
 	static String findStringValue(JsonNode jsonNode, String fieldName) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -395,9 +395,9 @@ private Mono<ClientResponse> exchangeAndHandleResponse(ClientRequest request, Ex
 	}
 
 	private Mono<ClientRequest> mergeRequestAttributesIfNecessary(ClientRequest request) {
-		if (!request.attribute(HTTP_SERVLET_REQUEST_ATTR_NAME).isPresent()
-				|| !request.attribute(HTTP_SERVLET_RESPONSE_ATTR_NAME).isPresent()
-				|| !request.attribute(AUTHENTICATION_ATTR_NAME).isPresent()) {
+		if (request.attribute(HTTP_SERVLET_REQUEST_ATTR_NAME).isEmpty()
+				|| request.attribute(HTTP_SERVLET_RESPONSE_ATTR_NAME).isEmpty()
+				|| request.attribute(AUTHENTICATION_ATTR_NAME).isEmpty()) {
 			return mergeRequestAttributesFromContext(request);
 		}
 		return Mono.just(request);

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToListStringConverter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,12 +43,9 @@ public Set<ConvertiblePair> getConvertibleTypes() {
 
 	@Override
 	public boolean matches(TypeDescriptor sourceType, TypeDescriptor targetType) {
-		if (targetType.getElementTypeDescriptor() == null
-				|| targetType.getElementTypeDescriptor().getType().equals(String.class) || sourceType == null
-				|| ClassUtils.isAssignable(sourceType.getType(), targetType.getElementTypeDescriptor().getType())) {
-			return true;
-		}
-		return false;
+		TypeDescriptor typeDescriptor = targetType.getElementTypeDescriptor();
+		return typeDescriptor == null || typeDescriptor.getType().equals(String.class) || sourceType == null
+				|| ClassUtils.isAssignable(sourceType.getType(), typeDescriptor.getType());
 	}
 
 	@Override

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ObjectToMapStringObjectConverter.java

@@ -37,11 +37,8 @@ public Set<ConvertiblePair> getConvertibleTypes() {
 
 	@Override
 	public boolean matches(TypeDescriptor sourceType, TypeDescriptor targetType) {
-		if (targetType.getElementTypeDescriptor() == null
-				|| targetType.getMapKeyTypeDescriptor().getType().equals(String.class)) {
-			return true;
-		}
-		return false;
+		return targetType.getElementTypeDescriptor() == null
+				|| targetType.getMapKeyTypeDescriptor().getType().equals(String.class);
 	}
 
 	@Override

web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java

@@ -109,10 +109,8 @@ private boolean skipDispatch(HttpServletRequest request) {
 		if (DispatcherType.ERROR.equals(request.getDispatcherType()) && !this.filterErrorDispatch) {
 			return true;
 		}
-		if (DispatcherType.ASYNC.equals(request.getDispatcherType()) && !this.filterAsyncDispatch) {
-			return true;
-		}
-		return false;
+
+		return DispatcherType.ASYNC.equals(request.getDispatcherType()) && !this.filterAsyncDispatch;
 	}
 
 	private boolean isApplied(HttpServletRequest request) {

web/src/main/java/org/springframework/security/web/firewall/DefaultHttpFirewall.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -87,10 +87,7 @@ private boolean containsInvalidUrlEncodedSlash(String uri) {
 		if (this.allowUrlEncodedSlash || uri == null) {
 			return false;
 		}
-		if (uri.contains("%2f") || uri.contains("%2F")) {
-			return true;
-		}
-		return false;
+		return uri.contains("%2f") || uri.contains("%2F");
 	}
 
 	/**

web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java

@@ -611,10 +611,7 @@ private static boolean decodedUrlContains(HttpServletRequest request, String val
 		if (valueContains(request.getServletPath(), value)) {
 			return true;
 		}
-		if (valueContains(request.getPathInfo(), value)) {
-			return true;
-		}
-		return false;
+		return valueContains(request.getPathInfo(), value);
 	}
 
 	private static boolean containsOnlyPrintableAsciiCharacters(String uri) {

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -354,10 +354,7 @@ private boolean propertyEquals(Object arg1, Object arg2) {
 		if (arg1 == null || arg2 == null) {
 			return false;
 		}
-		if (arg1.equals(arg2)) {
-			return true;
-		}
-		return false;
+		return arg1.equals(arg2);
 	}
 
 	@Override

web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -228,7 +228,7 @@ private Mono<Authentication> attemptSwitchUser(Authentication currentAuthenticat
 	@NonNull
 	private Authentication attemptExitUser(Authentication currentAuthentication) {
 		Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
-		if (!sourceAuthentication.isPresent()) {
+		if (sourceAuthentication.isEmpty()) {
 			this.logger.debug("Failed to find original user");
 			throw noOriginalAuthenticationException();
 		}

web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java

@@ -121,7 +121,7 @@ public AuthenticationExtensionsClientOutputs getClientExtensionResults() {
 	 * @return the {@link PublicKeyCredentialBuilder}
 	 */
 	public static <T extends AuthenticatorResponse> PublicKeyCredentialBuilder<T> builder() {
-		return new PublicKeyCredentialBuilder<T>();
+		return new PublicKeyCredentialBuilder<>();
 	}
 
 	/**