Format Lambda Expressions

This commit updats lambda expressions so that
their variable is surrounded in parentheses.

Issue gh-13067

buildSrc/src/main/groovy/io/spring/gradle/convention/ManagementConfigurationPlugin.java

@@ -61,7 +61,7 @@ public class ManagementConfigurationPlugin implements Plugin<Project> {
 				PublishingExtension publishing = project.getExtensions().getByType(PublishingExtension.class);
 				publishing.getPublications().withType(MavenPublication.class, (mavenPublication -> {
 					mavenPublication.versionMapping((versions) ->
-							versions.allVariants(versionMapping -> versionMapping.fromResolutionResult())
+							versions.allVariants((versionMapping) -> versionMapping.fromResolutionResult())
 					);
 				}));
 			});

buildSrc/src/main/java/org/springframework/security/CheckExpectedBranchVersionPlugin.java

@@ -46,7 +46,7 @@ public class CheckExpectedBranchVersionPlugin implements Plugin<Project> {
 			task.setDescription("Check if the project version matches the branch version");
 			task.onlyIf("skipCheckExpectedBranchVersion property is false or not present", CheckExpectedBranchVersionPlugin::skipPropertyFalseOrNotPresent);
 			task.getVersion().convention(project.provider(() -> project.getVersion().toString()));
-			task.getBranchName().convention(project.getProviders().exec(execSpec -> execSpec.setCommandLine("git", "symbolic-ref", "--short", "HEAD")).getStandardOutput().getAsText());
+			task.getBranchName().convention(project.getProviders().exec((execSpec) -> execSpec.setCommandLine("git", "symbolic-ref", "--short", "HEAD")).getStandardOutput().getAsText());
 			task.getOutputFile().convention(project.getLayout().getBuildDirectory().file("check-expected-branch-version"));
 		});
 		project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(checkExpectedBranchVersionTask));

docs/modules/ROOT/pages/features/authentication/password-storage.adoc

@@ -615,7 +615,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http
-        .authorizeHttpRequests(authorize -> authorize
+        .authorizeHttpRequests((authorize) -> authorize
             .anyRequest().authenticated()
         )
         .formLogin((login) -> login

docs/modules/ROOT/pages/reactive/authorization/authorize-http-requests.adoc

@@ -15,7 +15,7 @@ Java::
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
     http
-        .authorizeExchange(exchanges -> exchanges
+        .authorizeExchange((exchanges) -> exchanges
             .anyExchange().authenticated()
         )
         .httpBasic(withDefaults())

docs/modules/ROOT/pages/reactive/authorization/method.adoc

@@ -614,7 +614,7 @@ public class SecurityConfig {
 		return http
 			// Demonstrate that method security works
 			// Best practice to use both for defense in depth
-			.authorizeExchange(exchanges -> exchanges
+			.authorizeExchange((exchanges) -> exchanges
 				.anyExchange().permitAll()
 			)
 			.httpBasic(withDefaults())

docs/modules/ROOT/pages/reactive/configuration/webflux.adoc

@@ -87,7 +87,7 @@ public class HelloWebfluxSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(exchanges -> exchanges
+			.authorizeExchange((exchanges) -> exchanges
 			    .anyExchange().authenticated()
 			)
 			.httpBasic(withDefaults())

docs/modules/ROOT/pages/reactive/exploits/csrf.adoc

@@ -45,7 +45,7 @@ Java::
 public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
+		.csrf((csrf) -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
 	return http.build();
 }
 -----
@@ -91,7 +91,7 @@ Java::
 public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.csrf(csrf -> csrf.disable()))
+		.csrf((csrf) -> csrf.disable()))
 	return http.build();
 }
 ----
@@ -133,7 +133,7 @@ Java::
 public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.csrf(csrf -> csrf
+		.csrf((csrf) -> csrf
 			.csrfTokenRequestHandler(new ServerCsrfTokenRequestAttributeHandler())
 		)
 	return http.build();
@@ -181,7 +181,7 @@ public class SecurityControllerAdvice {
 	@ModelAttribute
 	Mono<CsrfToken> csrfToken(ServerWebExchange exchange) {
 		Mono<CsrfToken> csrfToken = exchange.getAttribute(CsrfToken.class.getName());
-		return csrfToken.doOnSuccess(token -> exchange.getAttributes()
+		return csrfToken.doOnSuccess((token) -> token.getAttributes()
 				.put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token));
 	}
 }
@@ -351,7 +351,7 @@ Java::
 public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.logout(logout -> logout.requiresLogout(new PathPatternParserServerWebExchangeMatcher("/logout")))
+		.logout((logout) -> logout.requiresLogout(new PathPatternParserServerWebExchangeMatcher("/logout")))
 	return http.build();
 }
 ----
@@ -416,7 +416,7 @@ Java::
 public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.csrf(csrf -> csrf.tokenFromMultipartDataEnabled(true))
+		.csrf((csrf) -> csrf.tokenFromMultipartDataEnabled(true))
 	return http.build();
 }
 ----

docs/modules/ROOT/pages/reactive/exploits/headers.adoc

@@ -26,8 +26,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.frameOptions(frameOptions -> frameOptions
+		.headers((headers) -> headers
+			.frameOptions((frameOptions) -> frameOptions
 				.mode(Mode.SAMEORIGIN)
 			)
 		);
@@ -67,7 +67,7 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers.disable());
+		.headers((headers) -> headers.disable());
 	return http.build();
 }
 ----
@@ -112,8 +112,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.cache(cache -> cache.disable())
+		.headers((headers) -> headers
+			.cache((cache) -> cache.disable())
 		);
 	return http.build();
 }
@@ -154,8 +154,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
+		.headers((headers) -> headers
+			.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable())
 		);
 	return http.build();
 }
@@ -196,8 +196,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.hsts(hsts -> hsts
+		.headers((headers) -> headers
+			.hsts((hsts) -> hsts
 				.includeSubdomains(true)
 				.preload(true)
 				.maxAge(Duration.ofDays(365))
@@ -244,8 +244,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.frameOptions(frameOptions -> frameOptions
+		.headers((headers) -> headers
+			.frameOptions((frameOptions) -> frameOptions
 				.mode(SAMEORIGIN)
 			)
 		);
@@ -287,8 +287,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.xssProtection(xssProtection -> xssProtection.disable())
+		.headers((headers) -> headers
+			.xssProtection((xssProtection) -> xssProtection.disable())
 		);
 	return http.build();
 }
@@ -325,8 +325,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.xssProtection(xssProtection -> xssProtection.headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK))
+		.headers((headers) -> headers
+			.xssProtection((xssProtection) -> xssProtection.headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK))
 		);
 	return http.build();
 }
@@ -376,8 +376,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.contentSecurityPolicy(policy -> policy
+		.headers((headers) -> headers
+			.contentSecurityPolicy((policy) -> policy
 				.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 			)
 		);
@@ -416,8 +416,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.contentSecurityPolicy(policy -> policy
+		.headers((headers) -> headers
+			.contentSecurityPolicy((policy) -> policy
 				.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 				.reportOnly()
 			)
@@ -462,8 +462,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.referrerPolicy(referrer -> referrer
+		.headers((headers) -> headers
+			.referrerPolicy((referrer) -> referrer
 				.policy(ReferrerPolicy.SAME_ORIGIN)
 			)
 		);
@@ -515,7 +515,7 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
+		.headers((headers) -> headers
 			.featurePolicy("geolocation 'self'")
 		);
 	return http.build();
@@ -564,8 +564,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.headers(headers -> headers
-			.permissionsPolicy(permissions -> permissions
+		.headers((headers) -> headers
+			.permissionsPolicy((permissions) -> permissions
 				.policy("geolocation=(self)")
 			)
 		);

docs/modules/ROOT/pages/reactive/exploits/http.adoc

@@ -57,8 +57,8 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.redirectToHttps(redirect -> redirect
-			.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
+		.redirectToHttps((redirect) -> redirect
+			.httpsRedirectWhen((e) -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
 		);
 	return http.build();
 }

docs/modules/ROOT/pages/reactive/integrations/cors.adoc

@@ -55,7 +55,7 @@ Java::
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		// ...
-		.cors(cors -> cors.disable());
+		.cors((cors) -> cors.disable());
 	return http.build();
 }
 ----

docs/modules/ROOT/pages/reactive/integrations/rsocket.adoc

@@ -426,7 +426,7 @@ rsocket
 		authz
 			.setup().hasRole("SETUP") // <1>
 			.route("fetch.profile.me").authenticated() // <2>
-			.matcher(payloadExchange -> isMatch(payloadExchange)) // <3>
+			.matcher((payloadExchange) -> payloadExchange(payloadExchange)) // <3>
 				.hasRole("CUSTOM")
 			.route("fetch.profile.{username}") // <4>
 				.access((authentication, context) -> checkFriends(authentication, context))

docs/modules/ROOT/pages/reactive/oauth2/client/authorization-grants.adoc

@@ -145,10 +145,10 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(authorize -> authorize
+			.authorizeExchange((authorize) -> authorize
 				.anyExchange().authenticated()
 			)
-			.oauth2Login(oauth2 -> oauth2
+			.oauth2Login((oauth2) -> oauth2
 				.authorizationRequestResolver(
 					authorizationRequestResolver(this.clientRegistrationRepository)
 				)
@@ -170,7 +170,7 @@ public class OAuth2LoginSecurityConfig {
 
 	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
 		return customizer -> customizer
-					.additionalParameters(params -> params.put("prompt", "consent"));
+					.additionalParameters((params) -> params.put("prompt", "consent"));
 	}
 }
 ----
@@ -252,7 +252,7 @@ Java::
 ----
 private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
 	return customizer -> customizer
-			.authorizationRequestUri(uriBuilder -> uriBuilder
+			.authorizationRequestUri((uriBuilder) -> uriBuilder
 					.queryParam("prompt", "consent").build());
 }
 ----
@@ -301,7 +301,7 @@ public class OAuth2ClientSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.oauth2Client(oauth2 -> oauth2
+			.oauth2Client((oauth2) -> oauth2
 				.authorizationRequestRepository(this.authorizationRequestRepository())
 				// ...
 			);
@@ -370,7 +370,7 @@ public class OAuth2ClientSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.oauth2Client(oauth2 -> oauth2
+			.oauth2Client((oauth2) -> oauth2
 				.authenticationManager(this.authorizationCodeAuthenticationManager())
 				// ...
 			);
@@ -461,7 +461,7 @@ ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> refreshT
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
 		ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode()
-				.refreshToken(configurer -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
+				.refreshToken((configurer) -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
 				.build();
 
 // ...
@@ -540,7 +540,7 @@ ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> cli
 
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
 		ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-				.clientCredentials(configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
+				.clientCredentials((configurer) -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
 				.build();
 
 // ...
@@ -748,7 +748,7 @@ ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordToke
 
 ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
 		ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
-				.password(configurer -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
+				.password((configurer) -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
 				.refreshToken()
 				.build();
 

docs/modules/ROOT/pages/reactive/oauth2/client/index.adoc

@@ -38,7 +38,7 @@ public class OAuth2ClientSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.oauth2Client(oauth2 -> oauth2
+			.oauth2Client((oauth2) -> oauth2
 				.clientRegistrationRepository(this.clientRegistrationRepository())
 				.authorizedClientRepository(this.authorizedClientRepository())
 				.authorizationRequestRepository(this.authorizationRequestRepository())

docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc

@@ -36,7 +36,7 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 		http
-			.oauth2Login(oauth2 -> oauth2
+			.oauth2Login((oauth2) -> oauth2
 				.authenticationConverter(this.authenticationConverter())
 				.authenticationMatcher(this.authenticationMatcher())
 				.authenticationManager(this.authenticationManager())
@@ -135,10 +135,10 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.exceptionHandling(exceptionHandling -> exceptionHandling
+			.exceptionHandling((exceptionHandling) -> exceptionHandling
 				.authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint("/login/oauth2"))
 			)
-			.oauth2Login(oauth2 -> oauth2
+			.oauth2Login((oauth2) -> oauth2
 				.authorizationRequestResolver(this.authorizationRequestResolver())
 			);
 
@@ -239,7 +239,7 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.oauth2Login(oauth2 -> oauth2
+			.oauth2Login((oauth2) -> oauth2
 				.authenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/callback/{registrationId}"))
 			);
 
@@ -688,7 +688,7 @@ Java::
 @Bean
 public ReactiveJwtDecoderFactory<ClientRegistration> idTokenDecoderFactory() {
 	ReactiveOidcIdTokenDecoderFactory idTokenDecoderFactory = new ReactiveOidcIdTokenDecoderFactory();
-	idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
+	idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> clientRegistration.HS256);
 	return idTokenDecoderFactory;
 }
 ----

docs/modules/ROOT/pages/reactive/oauth2/login/core.adoc

@@ -337,7 +337,7 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(authorize -> authorize
+			.authorizeExchange((authorize) -> authorize
 				.anyExchange().authenticated()
 			)
 			.oauth2Login(withDefaults());
@@ -390,7 +390,7 @@ public class OAuth2LoginConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(authorize -> authorize
+			.authorizeExchange((authorize) -> authorize
 				.anyExchange().authenticated()
 			)
 			.oauth2Login(withDefaults());
@@ -487,7 +487,7 @@ public class OAuth2LoginConfig {
 	@Bean
 	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 		http
-			.authorizeExchange(authorize -> authorize
+			.authorizeExchange((authorize) -> authorize
 				.anyExchange().authenticated()
 			)
 			.oauth2Login(withDefaults());

docs/modules/ROOT/pages/reactive/oauth2/resource-server/bearer-tokens.adoc

@@ -19,7 +19,7 @@ Java::
 ServerBearerTokenAuthenticationConverter converter = new ServerBearerTokenAuthenticationConverter();
 converter.setBearerTokenHeaderName(HttpHeaders.PROXY_AUTHORIZATION);
 http
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .bearerTokenConverter(converter)
     );
 ----
@@ -108,7 +108,7 @@ Java::
 ----
 this.rest.get()
         .uri("https://other-service.example.com/endpoint")
-        .headers(headers -> headers.setBearerAuth(overridingToken))
+        .headers((headers) -> headers.setBearerAuth(overridingToken))
         .retrieve()
         .bodyToMono(String.class)
 ----

docs/modules/ROOT/pages/reactive/oauth2/resource-server/jwt.adoc

@@ -128,7 +128,7 @@ Java::
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt)
@@ -170,11 +170,11 @@ import static org.springframework.security.oauth2.core.authorization.OAuth2React
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.pathMatchers("/message/**").access(hasScope("message:read"))
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2 -> oauth2
+		.oauth2ResourceServer((oauth2) -> oauth2
 			.jwt(withDefaults())
 		);
 	return http.build();
@@ -254,11 +254,11 @@ Java::
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2 -> oauth2
-			.jwt(jwt -> jwt
+		.oauth2ResourceServer((oauth2) -> oauth2
+			.jwt((jwt) -> jwt
 				.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
 			)
 		);
@@ -302,11 +302,11 @@ Java::
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2 -> oauth2
-			.jwt(jwt -> jwt
+		.oauth2ResourceServer((oauth2) -> oauth2
+			.jwt((jwt) -> jwt
 				.decoder(myCustomDecoder())
 			)
 		);
@@ -691,7 +691,7 @@ import static org.springframework.security.oauth2.core.authorization.OAuth2React
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.mvcMatchers("/contacts/**").access(hasScope("contacts"))
 			.mvcMatchers("/messages/**").access(hasScope("messages"))
 			.anyExchange().authenticated()
@@ -762,11 +762,11 @@ Java::
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.anyExchange().authenticated()
 		)
-		.oauth2ResourceServer(oauth2 -> oauth2
-			.jwt(jwt -> jwt
+		.oauth2ResourceServer((oauth2) -> oauth2
+			.jwt((jwt) -> jwt
 				.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
 			)
 		);

docs/modules/ROOT/pages/reactive/oauth2/resource-server/multitenancy.adoc

@@ -27,10 +27,10 @@ JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = J
     .fromTrustedIssuers("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
 
 http
-    .authorizeExchange(exchanges -> exchanges
+    .authorizeExchange((exchanges) -> exchanges
         .anyExchange().authenticated()
     )
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
@@ -74,7 +74,7 @@ private Mono<ReactiveAuthenticationManager> addManager(
 	return Mono.fromCallable(() -> ReactiveJwtDecoders.fromIssuerLocation(issuer))
             .subscribeOn(Schedulers.boundedElastic())
             .map(JwtReactiveAuthenticationManager::new)
-            .doOnNext(authenticationManager -> authenticationManagers.put(issuer, authenticationManager));
+            .doOnNext((authenticationManager) -> authenticationManager.put(issuer, authenticationManager));
 }
 
 // ...
@@ -83,10 +83,10 @@ JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
         new JwtIssuerReactiveAuthenticationManagerResolver(authenticationManagers::get);
 
 http
-    .authorizeExchange(exchanges -> exchanges
+    .authorizeExchange((exchanges) -> exchanges
         .anyExchange().authenticated()
     )
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----

docs/modules/ROOT/pages/reactive/oauth2/resource-server/opaque-token.adoc

@@ -176,7 +176,7 @@ Java::
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
-		.authorizeExchange(exchanges -> exchanges
+		.authorizeExchange((exchanges) -> exchanges
 			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken)
@@ -221,12 +221,12 @@ public class MyCustomSecurityConfiguration {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges -> exchanges
+            .authorizeExchange((exchanges) -> exchanges
                 .pathMatchers("/messages/**").access(hasScope("message:read"))
                 .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .opaqueToken(opaqueToken -> opaqueToken
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .opaqueToken((opaqueToken) -> opaqueToken
                     .introspector(myIntrospector())
                 )
             );
@@ -310,11 +310,11 @@ public class DirectlyConfiguredIntrospectionUri {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges -> exchanges
+            .authorizeExchange((exchanges) -> exchanges
                 .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .opaqueToken(opaqueToken -> opaqueToken
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .opaqueToken((opaqueToken) -> opaqueToken
                     .introspectionUri("https://idp.example.com/introspect")
                     .introspectionClientCredentials("client", "secret")
                 )
@@ -364,11 +364,11 @@ public class DirectlyConfiguredIntrospector {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchanges -> exchanges
+            .authorizeExchange((exchanges) -> exchanges
                 .anyExchange().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .opaqueToken(opaqueToken -> opaqueToken
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .opaqueToken((opaqueToken) -> opaqueToken
                     .introspector(myCustomIntrospector())
                 )
             );
@@ -457,7 +457,7 @@ public class MappedAuthorities {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
-            .authorizeExchange(exchange -> exchange
+            .authorizeExchange((exchange) -> exchange
                 .pathMatchers("/contacts/**").access(hasScope("contacts"))
                 .pathMatchers("/messages/**").access(hasScope("messages"))
                 .anyExchange().authenticated()
@@ -543,7 +543,7 @@ public class CustomAuthoritiesOpaqueTokenIntrospector implements ReactiveOpaqueT
 
     public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
         return this.delegate.introspect(token)
-                .map(principal -> new DefaultOAuth2AuthenticatedPrincipal(
+                .map((principal) -> principal DefaultOAuth2AuthenticatedPrincipal(
                         principal.getName(), principal.getAttributes(), extractAuthorities(principal)));
     }
 
@@ -650,8 +650,8 @@ public class JwtOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospect
 
 	public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
 		return this.delegate.introspect(token)
-				.flatMap(principal -> this.jwtDecoder.decode(token))
-				.map(jwt -> new DefaultOAuth2AuthenticatedPrincipal(jwt.getClaims(), NO_AUTHORITIES));
+				.flatMap((principal) -> principal.jwtDecoder.decode(token))
+				.map((jwt) -> jwt DefaultOAuth2AuthenticatedPrincipal(jwt.getClaims(), NO_AUTHORITIES));
 	}
 
 	private static class ParseOnlyJWTProcessor implements Converter<JWT, Mono<JWTClaimsSet>> {

docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc

@@ -227,7 +227,7 @@ Java::
 ----
 client
     .mutateWith(mockOidcLogin()
-        .idToken(token -> token.claim("user_id", "1234"))
+        .idToken((token) -> token.claim("user_id", "1234"))
     )
     .get().uri("/endpoint").exchange();
 ----
@@ -470,7 +470,7 @@ Java::
 ----
 client
     .mutateWith(mockOAuth2Login()
-        .attributes(attrs -> attrs.put("user_id", "1234"))
+        .attributes((attrs) -> attrs.put("user_id", "1234"))
     )
     .get().uri("/endpoint").exchange();
 ----
@@ -869,7 +869,7 @@ Java::
 [source,java,role="primary"]
 ----
 client
-	.mutateWith(mockJwt().jwt(jwt -> jwt.header("kid", "one")
+	.mutateWith(mockJwt().jwt((jwt) -> jwt.header("kid", "one")
 		.claim("iss", "https://idp.example.org")))
 	.get().uri("/endpoint").exchange();
 ----
@@ -893,7 +893,7 @@ Java::
 [source,java,role="primary"]
 ----
 client
-	.mutateWith(mockJwt().jwt(jwt -> jwt.claims(claims -> claims.remove("scope"))))
+	.mutateWith(mockJwt().jwt((jwt) -> jwt.claims((claims) -> claims.remove("scope"))))
 	.get().uri("/endpoint").exchange();
 ----
 
@@ -1206,7 +1206,7 @@ Java::
 ----
 client
     .mutateWith(mockOpaqueToken()
-        .attributes(attrs -> attrs.put("user_id", "1234"))
+        .attributes((attrs) -> attrs.put("user_id", "1234"))
     )
     .get().uri("/endpoint").exchange();
 ----

docs/modules/ROOT/pages/servlet/architecture.adoc

@@ -171,7 +171,7 @@ public class SecurityConfig {
             .csrf(Customizer.withDefaults())
             .httpBasic(Customizer.withDefaults())
             .formLogin(Customizer.withDefaults())
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             );
 

docs/modules/ROOT/pages/servlet/authentication/passwords/digest.adoc

@@ -64,7 +64,7 @@ DigestAuthenticationFilter digestAuthenticationFilter() {
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	http
 		// ...
-		.exceptionHandling(e -> e.authenticationEntryPoint(authenticationEntryPoint()))
+		.exceptionHandling((e) -> e.authenticationEntryPoint(authenticationEntryPoint()))
 		.addFilter(digestAuthenticationFilter());
 	return http.build();
 }

docs/modules/ROOT/pages/servlet/authentication/passwords/form.adoc

@@ -120,7 +120,7 @@ Java::
 ----
 public SecurityFilterChain filterChain(HttpSecurity http) {
 	http
-		.formLogin(form -> form
+		.formLogin((form) -> form
 			.loginPage("/login")
 			.permitAll()
 		);

docs/modules/ROOT/pages/servlet/authentication/session-management.adoc

@@ -359,7 +359,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) {
     http
-        .sessionManagement(session -> session
+        .sessionManagement((session) -> session
             .maximumSessions(1)
         );
     return http.build();
@@ -412,7 +412,7 @@ Java::
 public SecurityFilterChain filterChain(HttpSecurity http) {
 	AuthorizationManager<?> isAdmin = AuthorityAuthorizationManager.hasRole("ADMIN");
     http
-        .sessionManagement(session -> session
+        .sessionManagement((session) -> session
             .maximumSessions((authentication) -> isAdmin.authorize(() -> authentication, null).isGranted() ? -1 : 1)
         );
     return http.build();
@@ -504,7 +504,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) {
     http
-        .sessionManagement(session -> session
+        .sessionManagement((session) -> session
             .maximumSessions(1)
             .maxSessionsPreventsLogin(true)
         );
@@ -612,7 +612,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) {
     http
-        .sessionManagement(session -> session
+        .sessionManagement((session) -> session
             .invalidSessionUrl("/invalidSession")
         );
     return http.build();
@@ -663,7 +663,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) {
     http
-        .sessionManagement(session -> session
+        .sessionManagement((session) -> session
             .invalidSessionStrategy(new MyCustomInvalidSessionStrategy())
         );
     return http.build();
@@ -767,7 +767,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) {
     http
-        .logout(logout -> logout
+        .logout((logout) -> logout
             .deleteCookies("JSESSIONID")
         );
     return http.build();
@@ -971,7 +971,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) {
     http
-        .sessionManagement(session -> session
+        .sessionManagement((session) -> session
             .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
         );
     return http.build();

docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

@@ -741,7 +741,7 @@ import static org.springframework.security.authorization.AuthorityAuthorizationM
 SecurityFilterChain web(HttpSecurity http) throws Exception {
 	http
 		// ...
-		.authorizeHttpRequests(authorize -> authorize                                  // <1>
+		.authorizeHttpRequests((authorize) -> authorize                                  // <1>
             .dispatcherTypeMatchers(FORWARD, ERROR).permitAll() // <2>
 			.requestMatchers("/static/**", "/signup", "/about").permitAll()         // <3>
 			.requestMatchers("/admin/**").hasRole("ADMIN")                             // <4>
@@ -1043,7 +1043,7 @@ public class SecurityConfig {
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http
 			.securityMatcher("/api/**")                            <1>
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.requestMatchers("/api/user/**").hasRole("USER")   <2>
 				.requestMatchers("/api/admin/**").hasRole("ADMIN") <3>
 				.anyRequest().authenticated()                      <4>
@@ -1106,7 +1106,7 @@ public class SecurityConfig {
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http
 			.securityMatcher(antMatcher("/api/**"))                              <2>
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.requestMatchers(antMatcher("/api/user/**")).hasRole("USER")     <3>
 				.requestMatchers(regexMatcher("/api/admin/.*")).hasRole("ADMIN") <4>
 				.requestMatchers(new MyCustomRequestMatcher()).hasRole("SUPERVISOR")     <5>

docs/modules/ROOT/pages/servlet/configuration/java.adoc

@@ -173,7 +173,7 @@ It is configured with the following default implementation:
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	http
-		.authorizeHttpRequests(authorize -> authorize
+		.authorizeHttpRequests((authorize) -> authorize
 			.anyRequest().authenticated()
 		)
 		.formLogin(Customizer.withDefaults())
@@ -228,7 +228,7 @@ public class MultiHttpSecurityConfig {
 	public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
 		http
 			.securityMatcher("/api/**")                              <3>
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().hasRole("ADMIN")
 			)
 			.httpBasic(Customizer.withDefaults());
@@ -238,7 +238,7 @@ public class MultiHttpSecurityConfig {
 	@Bean                                                            <4>
 	public SecurityFilterChain formLoginFilterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
 			.formLogin(Customizer.withDefaults());
@@ -297,7 +297,7 @@ public class PartialSecurityConfig {
 	public SecurityFilterChain securedFilterChain(HttpSecurity http) throws Exception {
 		http
 			.securityMatcher("/secured/**")                            <1>
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.requestMatchers("/secured/user").hasRole("USER")      <2>
 				.requestMatchers("/secured/admin").hasRole("ADMIN")    <3>
 				.anyRequest().authenticated()                          <4>
@@ -357,15 +357,15 @@ public class SecuredSecurityConfig {
 	public SecurityFilterChain securedFilterChain(HttpSecurity http) throws Exception {
 		http
 			.securityMatcher("/secured/**")                            <1>
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()                          <2>
 			)
-			.formLogin(formLogin -> formLogin                          <3>
+			.formLogin((formLogin) -> formLogin                          <3>
 				.loginPage("/secured/login")
 				.loginProcessingUrl("/secured/login")
 				.permitAll()
 			)
-			.logout(logout -> logout                                   <4>
+			.logout((logout) -> logout                                   <4>
 				.logoutUrl("/secured/logout")
 				.logoutSuccessUrl("/secured/login?logout")
 				.permitAll()
@@ -377,7 +377,7 @@ public class SecuredSecurityConfig {
 	@Bean
 	public SecurityFilterChain defaultFilterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().denyAll()                                <5>
 			);
 		return http.build();
@@ -424,7 +424,7 @@ public class BankingSecurityConfig {
         String[] approvalsPaths = { "/accounts/approvals/**", "/loans/approvals/**", "/credit-cards/approvals/**" };
         http
             .securityMatcher(approvalsPaths)
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().hasRole("ADMIN")
             )
             .httpBasic(Customizer.withDefaults());
@@ -438,7 +438,7 @@ public class BankingSecurityConfig {
 		String[] viewBalancePaths = { "/balances/**" };
         http
 			.securityMatcher(bankingPaths)
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.requestMatchers(viewBalancePaths).hasRole("VIEW_BALANCE")
 				.anyRequest().hasRole("USER")
             );
@@ -449,15 +449,15 @@ public class BankingSecurityConfig {
     public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 		String[] allowedPaths = { "/", "/user-login", "/user-logout", "/notices", "/contact", "/register" };
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
 				.requestMatchers(allowedPaths).permitAll()
 				.anyRequest().authenticated()
             )
-			.formLogin(formLogin -> formLogin
+			.formLogin((formLogin) -> formLogin
 				.loginPage("/user-login")
 				.loginProcessingUrl("/user-login")
 			)
-			.logout(logout -> logout
+			.logout((logout) -> logout
 				.logoutUrl("/user-logout")
 				.logoutSuccessUrl("/?logout")
 			);
@@ -680,7 +680,7 @@ For example, to configure the `filterSecurityPublishAuthorizationSuccess` proper
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	http
-		.authorizeHttpRequests(authorize -> authorize
+		.authorizeHttpRequests((authorize) -> authorize
 			.anyRequest().authenticated()
 			.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
 				public <O extends FilterSecurityInterceptor> O postProcess(

docs/modules/ROOT/pages/servlet/exploits/headers.adoc

@@ -30,8 +30,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.frameOptions(frameOptions -> frameOptions
+			.headers((headers) -> headers
+				.frameOptions((frameOptions) -> frameOptions
 					.sameOrigin()
 				)
 			);
@@ -96,7 +96,7 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
+			.headers((headers) -> headers
 				// do not use any default headers unless explicitly listed
 				.defaultsDisabled()
 				.cacheControl(withDefaults())
@@ -160,7 +160,7 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers.disable());
+			.headers((headers) -> headers.disable());
 		return http.build();
 	}
 }
@@ -226,8 +226,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.cacheControl(cache -> cache.disable())
+			.headers((headers) -> headers
+				.cacheControl((cache) -> cache.disable())
 			);
 		return http.build();
 	}
@@ -291,8 +291,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
+			.headers((headers) -> headers
+				.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable())
 			);
 		return http.build();
 	}
@@ -357,8 +357,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.httpStrictTransportSecurity(hsts -> hsts
+			.headers((headers) -> headers
+				.httpStrictTransportSecurity((hsts) -> hsts
 					.includeSubDomains(true)
 					.preload(true)
 					.maxAgeInSeconds(31536000)
@@ -431,8 +431,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.httpPublicKeyPinning(hpkp -> hpkp
+			.headers((headers) -> headers
+				.httpPublicKeyPinning((hpkp) -> hpkp
 					.includeSubDomains(true)
 					.reportUri("https://example.net/pkp-report")
 					.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
@@ -511,8 +511,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.frameOptions(frameOptions -> frameOptions
+			.headers((headers) -> headers
+				.frameOptions((frameOptions) -> frameOptions
 					.sameOrigin()
 				)
 			);
@@ -582,8 +582,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.xssProtection(xss -> xss
+			.headers((headers) -> headers
+				.xssProtection((xss) -> xss
 					.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)
 				)
 			);
@@ -660,8 +660,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.contentSecurityPolicy(csp -> csp
+			.headers((headers) -> headers
+				.contentSecurityPolicy((csp) -> csp
 					.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 				)
 			);
@@ -725,8 +725,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.contentSecurityPolicy(csp -> csp
+			.headers((headers) -> headers
+				.contentSecurityPolicy((csp) -> csp
 					.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
 					.reportOnly()
 				)
@@ -797,8 +797,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.referrerPolicy(referrer -> referrer
+			.headers((headers) -> headers
+				.referrerPolicy((referrer) -> referrer
 					.policy(ReferrerPolicy.SAME_ORIGIN)
 				)
 			);
@@ -873,7 +873,7 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
+			.headers((headers) -> headers
 				.featurePolicy("geolocation 'self'")
 			);
 		return http.build();
@@ -945,8 +945,8 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
-				.permissionsPolicy(permissions -> permissions
+			.headers((headers) -> headers
+				.permissionsPolicy((permissions) -> permissions
 					.policy("geolocation=(self)")
 				)
 			);
@@ -1082,7 +1082,7 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
+			.headers((headers) -> headers
 				.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
 			);
 		return http.build();
@@ -1147,7 +1147,7 @@ public class WebSecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			// ...
-			.headers(headers -> headers
+			.headers((headers) -> headers
 				.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
 			);
 		return http.build();
@@ -1223,8 +1223,8 @@ public class WebSecurityConfig {
 			new DelegatingRequestMatcherHeaderWriter(matcher,new XFrameOptionsHeaderWriter());
 		http
 			// ...
-			.headers(headers -> headers
-				.frameOptions(frameOptions -> frameOptions.disable())
+			.headers((headers) -> headers
+				.frameOptions((frameOptions) -> frameOptions.disable())
 				.addHeaderWriter(headerWriter)
 			);
 		return http.build();

docs/modules/ROOT/pages/servlet/integrations/websocket.adoc

@@ -607,8 +607,8 @@ public class WebSecurityConfig {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             // ...
-            .headers(headers -> headers
-                .frameOptions(frameOptions -> frameOptions
+            .headers((headers) -> headers
+                .frameOptions((frameOptions) -> frameOptions
                      .sameOrigin()
                 )
         );
@@ -670,17 +670,17 @@ public class WebSecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .csrf(csrf -> csrf
+            .csrf((csrf) -> csrf
                 // ignore our stomp endpoints since they are protected using Stomp headers
                 .ignoringRequestMatchers("/chat/**")
             )
-            .headers(headers -> headers
+            .headers((headers) -> headers
                 // allow same origin to frame our site to support iframe SockJS
-                .frameOptions(frameOptions -> frameOptions
+                .frameOptions((frameOptions) -> frameOptions
                     .sameOrigin()
                 )
             )
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 ...
             )
             ...

docs/modules/ROOT/pages/servlet/oauth2/client/authorization-grants.adoc

@@ -147,11 +147,11 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
-			.oauth2Login(oauth2 -> oauth2
-				.authorizationEndpoint(authorization -> authorization
+			.oauth2Login((oauth2) -> oauth2
+				.authorizationEndpoint((authorization) -> authorization
 					.authorizationRequestResolver(
 						authorizationRequestResolver(this.clientRegistrationRepository)
 					)
@@ -174,7 +174,7 @@ public class OAuth2LoginSecurityConfig {
 
 	private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
 		return customizer -> customizer
-					.additionalParameters(params -> params.put("prompt", "consent"));
+					.additionalParameters((params) -> params.put("prompt", "consent"));
 	}
 }
 ----
@@ -257,7 +257,7 @@ Java::
 ----
 private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
 	return customizer -> customizer
-				.authorizationRequestUri(uriBuilder -> uriBuilder
+				.authorizationRequestUri((uriBuilder) -> uriBuilder
 					.queryParam("prompt", "consent").build());
 }
 ----
@@ -306,14 +306,14 @@ public class OAuth2ClientSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2 -> oauth2
-				.authorizationCodeGrant(codeGrant -> codeGrant
+			.oauth2Client((oauth2) -> oauth2
+				.authorizationCodeGrant((codeGrant) -> codeGrant
 					.authorizationRequestRepository(this.authorizationRequestRepository())
 					// ...
 				)
 			)
-            .oauth2Login(oauth2 -> oauth2
-                .authorizationEndpoint(endpoint -> endpoint
+            .oauth2Login((oauth2) -> oauth2
+                .authorizationEndpoint((endpoint) -> endpoint
                     .authorizationRequestRepository(this.authorizationRequestRepository())
                     // ...
                 )
@@ -412,8 +412,8 @@ public class OAuth2ClientSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2 -> oauth2
-				.authorizationCodeGrant(codeGrant -> codeGrant
+			.oauth2Client((oauth2) -> oauth2
+				.authorizationCodeGrant((codeGrant) -> codeGrant
 					.accessTokenResponseClient(this.accessTokenResponseClient())
 					// ...
 				)
@@ -514,7 +514,7 @@ OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> refreshTokenToke
 OAuth2AuthorizedClientProvider authorizedClientProvider =
 		OAuth2AuthorizedClientProviderBuilder.builder()
 				.authorizationCode()
-				.refreshToken(configurer -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
+				.refreshToken((configurer) -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
 				.build();
 
 // ...
@@ -605,7 +605,7 @@ OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCrede
 
 OAuth2AuthorizedClientProvider authorizedClientProvider =
 		OAuth2AuthorizedClientProviderBuilder.builder()
-				.clientCredentials(configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
+				.clientCredentials((configurer) -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
 				.build();
 
 // ...
@@ -882,7 +882,7 @@ OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordTokenRespons
 
 OAuth2AuthorizedClientProvider authorizedClientProvider =
 		OAuth2AuthorizedClientProviderBuilder.builder()
-				.password(configurer -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
+				.password((configurer) -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
 				.refreshToken()
 				.build();
 

docs/modules/ROOT/pages/servlet/oauth2/client/index.adoc

@@ -40,11 +40,11 @@ public class OAuth2ClientSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Client(oauth2 -> oauth2
+			.oauth2Client((oauth2) -> oauth2
 				.clientRegistrationRepository(this.clientRegistrationRepository())
 				.authorizedClientRepository(this.authorizedClientRepository())
 				.authorizedClientService(this.authorizedClientService())
-				.authorizationCodeGrant(codeGrant -> codeGrant
+				.authorizationCodeGrant((codeGrant) -> codeGrant
 					.authorizationRequestRepository(this.authorizationRequestRepository())
 					.authorizationRequestResolver(this.authorizationRequestResolver())
 					.accessTokenResponseClient(this.accessTokenResponseClient())

docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc

@@ -22,17 +22,17 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
-			    .authorizationEndpoint(authorization -> authorization
+			.oauth2Login((oauth2) -> oauth2
+			    .authorizationEndpoint((authorization) -> authorization
 			            ...
 			    )
-			    .redirectionEndpoint(redirection -> redirection
+			    .redirectionEndpoint((redirection) -> redirection
 			            ...
 			    )
-			    .tokenEndpoint(token -> token
+			    .tokenEndpoint((token) -> token
 			            ...
 			    )
-			    .userInfoEndpoint(userInfo -> userInfo
+			    .userInfoEndpoint((userInfo) -> userInfo
 			            ...
 			    )
 			);
@@ -108,23 +108,23 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
+			.oauth2Login((oauth2) -> oauth2
 			    .clientRegistrationRepository(this.clientRegistrationRepository())
 			    .authorizedClientRepository(this.authorizedClientRepository())
 			    .authorizedClientService(this.authorizedClientService())
 			    .loginPage("/login")
-			    .authorizationEndpoint(authorization -> authorization
+			    .authorizationEndpoint((authorization) -> authorization
 			        .baseUri(this.authorizationRequestBaseUri())
 			        .authorizationRequestRepository(this.authorizationRequestRepository())
 			        .authorizationRequestResolver(this.authorizationRequestResolver())
 			    )
-			    .redirectionEndpoint(redirection -> redirection
+			    .redirectionEndpoint((redirection) -> redirection
 			        .baseUri(this.authorizationResponseBaseUri())
 			    )
-			    .tokenEndpoint(token -> token
+			    .tokenEndpoint((token) -> token
 			        .accessTokenResponseClient(this.accessTokenResponseClient())
 			    )
-			    .userInfoEndpoint(userInfo -> userInfo
+			    .userInfoEndpoint((userInfo) -> userInfo
 			        .userAuthoritiesMapper(this.userAuthoritiesMapper())
 			        .userService(this.oauth2UserService())
 			        .oidcUserService(this.oidcUserService())
@@ -250,10 +250,10 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
+			.oauth2Login((oauth2) -> oauth2
 			    .loginPage("/login/oauth2")
 			    ...
-			    .authorizationEndpoint(authorization -> authorization
+			    .authorizationEndpoint((authorization) -> authorization
 			        .baseUri("/login/oauth2/authorization")
 			        ...
 			    )
@@ -345,8 +345,8 @@ public class OAuth2LoginSecurityConfig {
     @Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
-			    .redirectionEndpoint(redirection -> redirection
+			.oauth2Login((oauth2) -> oauth2
+			    .redirectionEndpoint((redirection) -> redirection
 			        .baseUri("/login/oauth2/callback/*")
 			        ...
 			    )
@@ -469,8 +469,8 @@ public class OAuth2LoginSecurityConfig {
     @Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
-			    .userInfoEndpoint(userInfo -> userInfo
+			.oauth2Login((oauth2) -> oauth2
+			    .userInfoEndpoint((userInfo) -> userInfo
 			        .userAuthoritiesMapper(this.userAuthoritiesMapper())
 			        ...
 			    )
@@ -636,8 +636,8 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
-			    .userInfoEndpoint(userInfo -> userInfo
+			.oauth2Login((oauth2) -> oauth2
+			    .userInfoEndpoint((userInfo) -> userInfo
 			        .oidcUserService(this.oidcUserService())
 			        ...
 			    )
@@ -776,8 +776,8 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
-			    .userInfoEndpoint(userInfo -> userInfo
+			.oauth2Login((oauth2) -> oauth2
+			    .userInfoEndpoint((userInfo) -> userInfo
 			        .userService(this.oauth2UserService())
 			        ...
 			    )
@@ -844,8 +844,8 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.oauth2Login(oauth2 -> oauth2
-				.userInfoEndpoint(userInfo -> userInfo
+			.oauth2Login((oauth2) -> oauth2
+				.userInfoEndpoint((userInfo) -> userInfo
 				    .oidcUserService(this.oidcUserService())
 				    ...
 			    )
@@ -911,7 +911,7 @@ Java::
 @Bean
 public JwtDecoderFactory<ClientRegistration> idTokenDecoderFactory() {
 	OidcIdTokenDecoderFactory idTokenDecoderFactory = new OidcIdTokenDecoderFactory();
-	idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
+	idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> clientRegistration.HS256);
 	return idTokenDecoderFactory;
 }
 ----

docs/modules/ROOT/pages/servlet/oauth2/login/core.adoc

@@ -332,7 +332,7 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults());
@@ -381,7 +381,7 @@ public class OAuth2LoginConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults());
@@ -475,7 +475,7 @@ public class OAuth2LoginConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults());

docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc

@@ -57,11 +57,11 @@ public class OAuth2LoginSecurityConfig {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeHttpRequests(authorize -> authorize
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults())
-			.logout(logout -> logout
+			.logout((logout) -> logout
 				.logoutSuccessHandler(oidcLogoutSuccessHandler())
 			);
 		return http.build();

docs/modules/ROOT/pages/servlet/oauth2/resource-server/bearer-tokens.adoc

@@ -69,7 +69,7 @@ Java::
 DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
 resolver.setAllowFormEncodedBodyParameter(true);
 http
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .bearerTokenResolver(resolver)
     );
 ----
@@ -176,7 +176,7 @@ Java::
 ----
 this.rest.get()
         .uri("https://other-service.example.com/endpoint")
-        .headers(headers -> headers.setBearerAuth(overridingToken))
+        .headers((headers) -> headers.setBearerAuth(overridingToken))
         .retrieve()
         .bodyToMono(String.class)
         .block()

docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc

@@ -174,7 +174,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http
-        .authorizeHttpRequests(authorize -> authorize
+        .authorizeHttpRequests((authorize) -> authorize
             .anyRequest().authenticated()
         )
         .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
@@ -220,12 +220,12 @@ public class MyCustomSecurityConfiguration {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .requestMatchers("/messages/**").access(hasScope("message:read"))
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .jwt(jwt -> jwt
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .jwt((jwt) -> jwt
                     .jwtAuthenticationConverter(myConverter())
                 )
             );
@@ -355,11 +355,11 @@ public class DirectlyConfiguredJwkSetUri {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .jwt(jwt -> jwt
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .jwt((jwt) -> jwt
                     .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
                 )
             );
@@ -425,11 +425,11 @@ public class DirectlyConfiguredJwtDecoder {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .jwt(jwt -> jwt
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .jwt((jwt) -> jwt
                     .decoder(myCustomDecoder())
                 )
             );
@@ -875,12 +875,12 @@ public class DirectlyConfiguredJwkSetUri {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .requestMatchers("/contacts/**").access(hasScope("contacts"))
                 .requestMatchers("/messages/**").access(hasScope("messages"))
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
+            .oauth2ResourceServer((oauth2) -> oauth2
                 .jwt(Customizer.withDefaults())
             );
         return http.build();
@@ -1107,11 +1107,11 @@ public class CustomAuthenticationConverterConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .jwt(jwt -> jwt
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .jwt((jwt) -> jwt
                     .jwtAuthenticationConverter(new CustomAuthenticationConverter())
                 )
             );

docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc

@@ -58,10 +58,10 @@ Java::
 [source,java,role="primary"]
 ----
 http
-    .authorizeHttpRequests(authorize -> authorize
+    .authorizeHttpRequests((authorize) -> authorize
         .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
     );
 ----
@@ -118,10 +118,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = JwtIssuer
     .fromTrustedIssuers("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
 
 http
-    .authorizeHttpRequests(authorize -> authorize
+    .authorizeHttpRequests((authorize) -> authorize
         .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
@@ -189,10 +189,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
         new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
 
 http
-    .authorizeHttpRequests(authorize -> authorize
+    .authorizeHttpRequests((authorize) -> authorize
         .anyRequest().authenticated()
     )
-    .oauth2ResourceServer(oauth2 -> oauth2
+    .oauth2ResourceServer((oauth2) -> oauth2
         .authenticationManagerResolver(authenticationManagerResolver)
     );
 ----
@@ -265,7 +265,7 @@ public class TenantJWSKeySelector
 
 	private JWSKeySelector<SecurityContext> fromTenant(String tenant) {
 		return Optional.ofNullable(this.tenants.findById(tenant)) <3>
-		        .map(t -> t.getAttrbute("jwks_uri"))
+		        .map((t) -> t.getAttrbute("jwks_uri"))
 				.map(this::fromUri)
 				.orElseThrow(() -> new IllegalArgumentException("unknown tenant"));
 	}

docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc

@@ -201,10 +201,10 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http
-        .authorizeHttpRequests(authorize -> authorize
+        .authorizeHttpRequests((authorize) -> authorize
             .anyRequest().authenticated()
         )
-        .oauth2ResourceServer(oauth2 -> oauth2
+        .oauth2ResourceServer((oauth2) -> oauth2
             .opaqueToken(Customizer.withDefaults())
         );
     return http.build();
@@ -249,12 +249,12 @@ public class MyCustomSecurityConfiguration {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .requestMatchers("/messages/**").access(hasScope("message:read"))
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .opaqueToken(opaqueToken -> opaqueToken
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .opaqueToken((opaqueToken) -> opaqueToken
                     .introspector(myIntrospector())
                 )
             );
@@ -400,11 +400,11 @@ public class DirectlyConfiguredIntrospectionUri {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .opaqueToken(opaqueToken -> opaqueToken
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .opaqueToken((opaqueToken) -> opaqueToken
                     .introspectionUri("https://idp.example.com/introspect")
                     .introspectionClientCredentials("client", "secret")
                 )
@@ -472,11 +472,11 @@ public class DirectlyConfiguredIntrospector {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .opaqueToken(opaqueToken -> opaqueToken
+            .oauth2ResourceServer((oauth2) -> oauth2
+                .opaqueToken((opaqueToken) -> opaqueToken
                     .introspector(myCustomIntrospector())
                 )
             );
@@ -564,12 +564,12 @@ public class MappedAuthorities {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorizeRequests -> authorizeRequests
+            .authorizeHttpRequests((authorizeRequests) -> authorizeRequests
                 .requestMatchers("/contacts/**").access(hasScope("contacts"))
                 .requestMatchers("/messages/**").access(hasScope("messages"))
                 .anyRequest().authenticated()
             )
-            .oauth2ResourceServer(oauth2 -> oauth2
+            .oauth2ResourceServer((oauth2) -> oauth2
                 .opaqueToken(Customizer.withDefaults())
             );
         return http.build();

docs/modules/ROOT/pages/servlet/saml2/login/authentication-requests.adoc

@@ -156,7 +156,7 @@ Java::
 ----
 RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("okta")
         // ...
-        .assertingPartyMetadata(party -> party
+        .assertingPartyMetadata((party) -> party
             // ...
             .wantAuthnRequestsSigned(false)
         )
@@ -239,7 +239,7 @@ Java::
 ----
 RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("okta")
         // ...
-        .assertingPartyMetadata(party -> party
+        .assertingPartyMetadata((party) -> party
             // ...
             .singleSignOnServiceBinding(Saml2MessageBinding.POST)
         )

docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc

@@ -148,10 +148,10 @@ public class SecurityConfig {
         );
 
         http
-            .authorizeHttpRequests(authz -> authz
+            .authorizeHttpRequests((authz) -> authz
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2 -> saml2
+            .saml2Login((saml2) -> saml2
                 .authenticationManager(new ProviderManager(authenticationProvider))
             );
         return http.build();
@@ -211,10 +211,10 @@ public class SecurityConfig {
                 .clockSkew(Duration.ofMinutes(10)).build();
 		authenticationProvider.setAssertionValidator(assertionValidator);
         http
-            .authorizeHttpRequests(authz -> authz
+            .authorizeHttpRequests((authz) -> authz
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2 -> saml2
+            .saml2Login((saml2) -> saml2
                 .authenticationManager(new ProviderManager(authenticationProvider))
             );
         return http.build();
@@ -409,10 +409,10 @@ public class SecurityConfig {
         });
 
         http
-            .authorizeHttpRequests(authz -> authz
+            .authorizeHttpRequests((authz) -> authz
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2 -> saml2
+            .saml2Login((saml2) -> saml2
                 .authenticationManager(new ProviderManager(authenticationProvider))
             );
         return http.build();
@@ -780,10 +780,10 @@ public class SecurityConfig {
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2 -> saml2
+            .saml2Login((saml2) -> saml2
                 .authenticationManager(authenticationManager)
             )
         ;

docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc

@@ -342,7 +342,7 @@ Java::
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http
-        .authorizeHttpRequests(authorize -> authorize
+        .authorizeHttpRequests((authorize) -> authorize
             .anyRequest().authenticated()
         )
         .saml2Login(withDefaults());
@@ -384,7 +384,7 @@ public class MyCustomSecurityConfiguration {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .requestMatchers("/messages/**").hasAuthority("ROLE_USER")
                 .anyRequest().authenticated()
             )
@@ -486,11 +486,11 @@ public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exc
     Saml2X509Credential credential = Saml2X509Credential.verification(certificate);
     RelyingPartyRegistration registration = RelyingPartyRegistration
             .withRegistrationId("example")
-            .assertingPartyMetadata(party -> party
+            .assertingPartyMetadata((party) -> party
                 .entityId("https://idp.example.com/issuer")
                 .singleSignOnServiceLocation("https://idp.example.com/SSO.saml2")
                 .wantAuthnRequestsSigned(false)
-                .verificationX509Credentials(c -> c.add(credential))
+                .verificationX509Credentials((c) -> c.add(credential))
             )
             .build();
     return new InMemoryRelyingPartyRegistrationRepository(registration);
@@ -549,11 +549,11 @@ public class MyCustomSecurityConfiguration {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests(authorize -> authorize
+            .authorizeHttpRequests((authorize) -> authorize
                 .requestMatchers("/messages/**").hasAuthority("ROLE_USER")
                 .anyRequest().authenticated()
             )
-            .saml2Login(saml2 -> saml2
+            .saml2Login((saml2) -> saml2
                 .relyingPartyRegistrationRepository(relyingPartyRegistrations())
             );
         return http.build();
@@ -699,11 +699,11 @@ Java::
 ----
 RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("my-id")
         .entityId("{baseUrl}/{registrationId}")
-        .decryptionX509Credentials(c -> c.add(relyingPartyDecryptingCredential()))
+        .decryptionX509Credentials((c) -> c.add(relyingPartyDecryptingCredential()))
         .assertionConsumerServiceLocation("/my-login-endpoint/{registrationId}")
-        .assertingPartyMetadata(party -> party
+        .assertingPartyMetadata((party) -> party
                 .entityId("https://ap.example.org")
-                .verificationX509Credentials(c -> c.add(assertingPartyVerifyingCredential()))
+                .verificationX509Credentials((c) -> c.add(assertingPartyVerifyingCredential()))
                 .singleSignOnServiceLocation("https://ap.example.org/SSO.saml2")
         )
         .build();
@@ -913,7 +913,7 @@ private RelyingPartyRegistration.Builder
         addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
 
     Saml2X509Credential signingCredential = ...
-    builder.signingX509Credentials(c -> c.addAll(signingCredential));
+    builder.signingX509Credentials((c) -> c.addAll(signingCredential));
     // ... other relying party configurations
 }
 

docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc

@@ -228,7 +228,7 @@ Java::
 mvc
     .perform(get("/endpoint")
         .with(oidcLogin()
-                .idToken(token -> token.claim("user_id", "1234"))
+                .idToken((token) -> token.claim("user_id", "1234"))
         )
     );
 ----
@@ -475,7 +475,7 @@ Java::
 mvc
     .perform(get("/endpoint")
         .with(oauth2Login()
-                .attributes(attrs -> attrs.put("user_id", "1234"))
+                .attributes((attrs) -> attrs.put("user_id", "1234"))
         )
     );
 ----
@@ -875,7 +875,7 @@ Java::
 ----
 mvc
     .perform(get("/endpoint")
-        .with(jwt().jwt(jwt -> jwt.header("kid", "one").claim("iss", "https://idp.example.org"))));
+        .with(jwt().jwt((jwt) -> jwt.header("kid", "one").claim("iss", "https://idp.example.org"))));
 ----
 
 Kotlin::
@@ -898,7 +898,7 @@ Java::
 ----
 mvc
     .perform(get("/endpoint")
-        .with(jwt().jwt(jwt -> jwt.claims(claims -> claims.remove("scope")))));
+        .with(jwt().jwt((jwt) -> jwt.claims((claims) -> claims.remove("scope")))));
 ----
 
 Kotlin::
@@ -1219,7 +1219,7 @@ Java::
 mvc
     .perform(get("/endpoint")
         .with(opaqueToken()
-                .attributes(attrs -> attrs.put("user_id", "1234"))
+                .attributes((attrs) -> attrs.put("user_id", "1234"))
         )
     );
 ----

docs/modules/ROOT/partials/reactive/oauth2/client/web-client-access-token-response-client.adoc

@@ -270,7 +270,7 @@ BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> bodyExtractor
 	BodyExtractors.toMono(new ParameterizedTypeReference<>() {});
 accessTokenResponseClient.setBodyExtractor((inputMessage, context) ->
 	bodyExtractor.extract(inputMessage, context)
-		.map(parameters -> OAuth2AccessTokenResponse.withToken("custom-token")
+		.map((parameters) -> parameters.withToken("custom-token")
 			// ...
 			.build()
 		)

docs/src/test/java/org/springframework/security/docs/reactive/authentication/reactivex509/CustomX509Configuration.java

@@ -59,11 +59,11 @@ public class CustomX509Configuration {
 
 		// @formatter:off
 		http
-			.x509(x509 -> x509
+			.x509((x509) -> x509
 				.principalExtractor(principalExtractor)
 				.authenticationManager(authenticationManager)
 			)
-			.authorizeExchange(exchanges -> exchanges
+			.authorizeExchange((exchanges) -> exchanges
 				.anyExchange().authenticated()
 			);
 		// @formatter:on

docs/src/test/java/org/springframework/security/docs/reactive/authentication/reactivex509/DefaultX509Configuration.java

@@ -44,7 +44,7 @@ public class DefaultX509Configuration {
 		// @formatter:off
 		http
 			.x509(Customizer.withDefaults())
-			.authorizeExchange(exchanges -> exchanges
+			.authorizeExchange((exchanges) -> exchanges
 				.anyExchange().authenticated()
 			);
 		// @formatter:on

docs/src/test/java/org/springframework/security/docs/servlet/authentication/servletx509config/DefaultX509Configuration.java

@@ -44,7 +44,7 @@ public class DefaultX509Configuration {
 		// @formatter:off
 		http
 			.x509(Customizer.withDefaults())
-			.authorizeHttpRequests(exchanges -> exchanges
+			.authorizeHttpRequests((exchanges) -> exchanges
 				.anyRequest().authenticated()
 			);
 		// @formatter:on