Checkstyle Fixes

- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394

cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java

@@ -40,9 +40,9 @@ import org.jasig.cas.client.authentication.AttributePrincipal;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java

@@ -37,9 +37,9 @@ import org.jasig.cas.client.proxy.ProxyRetriever;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java

@@ -47,9 +47,9 @@ import org.springframework.security.core.userdetails.UserDetails;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE,

config/src/main/java/org/springframework/security/config/Customizer.java

@@ -19,8 +19,8 @@ package org.springframework.security.config;
 /**
  * Callback interface that accepts a single input argument and returns no result.
  *
- * @author Eleftheria Stein
  * @param <T> the type of the input to the operation
+ * @author Eleftheria Stein
  * @since 5.2
  */
 @FunctionalInterface

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java

@@ -27,8 +27,8 @@ import org.springframework.security.config.annotation.authentication.builders.Au
  * {@link AuthenticationConfiguration} to configure the global
  * {@link AuthenticationManagerBuilder}.
  *
- * @since 5.0
  * @author Rob Winch
+ * @since 5.0
  */
 @Order(100)
 public abstract class GlobalAuthenticationConfigurerAdapter

config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java

@@ -30,10 +30,10 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
  * class is not intended to be imported manually rather it is imported automatically when
  * using {@link EnableWebSecurity} or {@link EnableGlobalMethodSecurity}.
  *
- * @see EnableWebSecurity
- * @see EnableGlobalMethodSecurity
  * @author Rob Winch
  * @since 3.2
+ * @see EnableWebSecurity
+ * @see EnableGlobalMethodSecurity
  */
 @Configuration(proxyBeanMethods = false)
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java

@@ -60,11 +60,11 @@ import org.springframework.util.Assert;
  * {@link WebSecurityConfigurer} and exposing it as a {@link Configuration}. This
  * configuration is imported when using {@link EnableWebSecurity}.
  *
- * @see EnableWebSecurity
- * @see WebSecurity
  * @author Rob Winch
  * @author Keesun Baik
  * @since 3.2
+ * @see EnableWebSecurity
+ * @see WebSecurity
  */
 @Configuration(proxyBeanMethods = false)
 public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -87,8 +87,8 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
  * org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = sample.MyClassThatExtendsAbstractHttpConfigurer, sample.OtherThatExtendsAbstractHttpConfigurer
  * </pre>
  *
- * @see EnableWebSecurity
  * @author Rob Winch
+ * @see EnableWebSecurity
  */
 @Order(100)
 public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java

@@ -490,8 +490,8 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @return the {@link FeaturePolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
 	 * @since 5.1
-	 * @see FeaturePolicyHeaderWriter
 	 * @deprecated Use {@link #permissionsPolicy(Customizer)} instead.
+	 * @seeObjectPostProcessorConfiguration FeaturePolicyHeaderWriter
 	 */
 	@Deprecated
 	public FeaturePolicyConfig featurePolicy(String policyDirectives) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java

@@ -49,15 +49,15 @@ import org.springframework.util.Assert;
  * <li>{@link ClientRegistrationRepository}</li>
  * </ul>
  *
+ * @author Joe Grandja
+ * @since 5.0
+ * @see OAuth2AuthorizationRequestRedirectFilter
+ * @see ClientRegistrationRepository
  * @deprecated It is not recommended to use the implicit flow due to the inherent risks of
  * returning access tokens in an HTTP redirect without any confirmation that it has been
  * received by the client. See reference
  * <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0 Implicit
  * Grant</a>.
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2AuthorizationRequestRedirectFilter
- * @see ClientRegistrationRepository
  */
 @Deprecated
 public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>>

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -683,10 +683,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		/**
 		 * Sets a custom {@link OAuth2User} type and associates it to the provided client
 		 * {@link ClientRegistration#getRegistrationId() registration identifier}.
-		 * @deprecated See {@link CustomUserTypesOAuth2UserService} for alternative usage.
 		 * @param customUserType a custom {@link OAuth2User} type
 		 * @param clientRegistrationId the client registration identifier
 		 * @return the {@link UserInfoEndpointConfig} for further configuration
+		 * @deprecated See {@link CustomUserTypesOAuth2UserService} for alternative usage.
 		 */
 		@Deprecated
 		public UserInfoEndpointConfig customUserType(Class<? extends OAuth2User> customUserType,

config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java

@@ -37,9 +37,9 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
  * {@link AuthenticationPrincipalArgumentResolver} as a
  * {@link HandlerMethodArgumentResolver}.
  *
- * @deprecated This is applied internally using SpringWebMvcImportSelector
  * @author Rob Winch
  * @since 3.2
+ * @deprecated This is applied internally using SpringWebMvcImportSelector
  */
 @Deprecated
 @Configuration(proxyBeanMethods = false)

config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java

@@ -79,8 +79,8 @@ import org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsSe
  * }
  * </pre>
  *
- * @since 4.0
  * @author Rob Winch
+ * @since 4.0
  */
 @Order(Ordered.HIGHEST_PRECEDENCE + 100)
 @Import(ObjectPostProcessorConfiguration.class)

core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java

@@ -40,9 +40,9 @@ import org.springframework.security.core.GrantedAuthority;
  * <i>Note: This class will save full class name into a property called @class</i>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE,

core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java

@@ -36,8 +36,8 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * called @class</i> <i>The cause and stackTrace are ignored in the serialization.</i>
  *
  * @author Yannick Lombardi
- * @see CoreJackson2Module
  * @since 5.0
+ * @see CoreJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace" })

core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java

@@ -44,8 +44,8 @@ import org.springframework.security.core.userdetails.User;
  * of all security modules.</b>
  *
  * @author Jitendra Singh.
- * @see SecurityJackson2Modules
  * @since 4.2
+ * @see SecurityJackson2Modules
  */
 @SuppressWarnings("serial")
 public class CoreJackson2Module extends SimpleModule {

core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java

@@ -47,9 +47,9 @@ import org.springframework.security.core.GrantedAuthority;
  * called @class</i>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java

@@ -32,9 +32,9 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE,

core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java

@@ -32,10 +32,10 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * </pre>
  *
  * @author Rob Winch
+ * @since 5.0.2
  * @see UnmodifiableListDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 5.0.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = UnmodifiableListDeserializer.class)

core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java

@@ -32,10 +32,10 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see UnmodifiableSetDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = UnmodifiableSetDeserializer.class)

core/src/main/java/org/springframework/security/jackson2/UserMixin.java

@@ -37,10 +37,10 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see UserDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = UserDeserializer.class)

core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java

@@ -39,9 +39,9 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java

@@ -29,9 +29,9 @@ import org.springframework.util.Assert;
 /**
  * Simple expression configuration attribute for use in {@link Message} authorizations.
  *
- * @since 4.0
  * @author Rob Winch
  * @author Daniel Bustamante Ospina
+ * @since 4.0
  */
 @SuppressWarnings("serial")
 class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationContextPostProcessor<Message<?>> {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java

@@ -58,7 +58,6 @@ import org.springframework.util.CollectionUtils;
  *
  * @author Joe Grandja
  * @since 5.0
- * @deprecated Use {@link DefaultAuthorizationCodeTokenResponseClient}
  * @see OAuth2AccessTokenResponseClient
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see OAuth2AccessTokenResponse
@@ -71,6 +70,7 @@ import org.springframework.util.CollectionUtils;
  * @see <a target="_blank" href=
  * "https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response
  * (Authorization Code Grant)</a>
+ * @deprecated Use {@link DefaultAuthorizationCodeTokenResponseClient}
  */
 @Deprecated
 public class NimbusAuthorizationCodeTokenResponseClient

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -112,8 +112,8 @@ public final class ClientRegistration implements Serializable {
 
 	/**
 	 * Returns the uri (or uri template) for the redirection endpoint.
-	 * @deprecated Use {@link #getRedirectUri()} instead
 	 * @return the uri (or uri template) for the redirection endpoint
+	 * @deprecated Use {@link #getRedirectUri()} instead
 	 */
 	@Deprecated
 	public String getRedirectUriTemplate() {
@@ -445,10 +445,10 @@ public final class ClientRegistration implements Serializable {
 
 		/**
 		 * Sets the uri (or uri template) for the redirection endpoint.
-		 * @deprecated Use {@link #redirectUri(String)} instead
 		 * @param redirectUriTemplate the uri (or uri template) for the redirection
 		 * endpoint
 		 * @return the {@link Builder}
+		 * @deprecated Use {@link #redirectUri(String)} instead
 		 */
 		@Deprecated
 		public Builder redirectUriTemplate(String redirectUriTemplate) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserService.java

@@ -42,18 +42,18 @@ import org.springframework.web.client.RestTemplate;
  * {@link OAuth2User} type(s) keyed by {@code String}, which represents the
  * {@link ClientRegistration#getRegistrationId() Registration Id} of the Client.
  *
- * @deprecated It is recommended to use a delegation-based strategy of an
- * {@link OAuth2UserService} to support custom {@link OAuth2User} types, as it provides
- * much greater flexibility compared to this implementation. See the
- * <a target="_blank" href=
- * "https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login-advanced-map-authorities-oauth2userservice">reference
- * manual</a> for details on how to implement.
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2UserService
  * @see OAuth2UserRequest
  * @see OAuth2User
  * @see ClientRegistration
+ * @deprecated It is recommended to use a delegation-based strategy of an
+ * {@link OAuth2UserService} to support custom {@link OAuth2User} types, as it provides
+ * much greater flexibility compared to this implementation. See the
+ * <a target="_blank" href=
+ * "https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2login-advanced-map-authorities-oauth2userservice">reference
+ * manual</a> for details on how to implement.
  */
 @Deprecated
 public class CustomUserTypesOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserService.java

@@ -27,13 +27,13 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
  * {@link OAuth2UserRequest#getClientRegistration() Client} and returning an
  * {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
  *
+ * @param <R> The type of OAuth 2.0 User Request
+ * @param <U> The type of OAuth 2.0 User
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2UserRequest
  * @see OAuth2User
  * @see AuthenticatedPrincipal
- * @param <R> The type of OAuth 2.0 User Request
- * @param <U> The type of OAuth 2.0 User
  */
 @FunctionalInterface
 public interface OAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/ReactiveOAuth2UserService.java

@@ -29,13 +29,13 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
  * {@link OAuth2UserRequest#getClientRegistration() Client} and returning an
  * {@link AuthenticatedPrincipal} in the form of an {@link OAuth2User}.
  *
+ * @param <R> The type of OAuth 2.0 User Request
+ * @param <U> The type of OAuth 2.0 User
  * @author Rob Winch
  * @since 5.1
  * @see OAuth2UserRequest
  * @see OAuth2User
  * @see AuthenticatedPrincipal
- * @param <R> The type of OAuth 2.0 User Request
- * @param <U> The type of OAuth 2.0 User
  */
 @FunctionalInterface
 public interface ReactiveOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User> {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java

@@ -59,12 +59,12 @@ public interface AuthorizationRequestRepository<T extends OAuth2AuthorizationReq
 	/**
 	 * Removes and returns the {@link OAuth2AuthorizationRequest} associated to the
 	 * provided {@code HttpServletRequest} or if not available returns {@code null}.
-	 * @deprecated Use
-	 * {@link #removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)}
-	 * instead
 	 * @param request the {@code HttpServletRequest}
 	 * @return the removed {@link OAuth2AuthorizationRequest} or {@code null} if not
 	 * available
+	 * @deprecated Use
+	 * {@link #removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)}
+	 * instead
 	 */
 	@Deprecated
 	T removeAuthorizationRequest(HttpServletRequest request);

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java

@@ -156,6 +156,9 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	/**
 	 * Sets the client used when requesting an access token credential at the Token
 	 * Endpoint for the {@code client_credentials} grant.
+	 * @param clientCredentialsTokenResponseClient the client used when requesting an
+	 * access token credential at the Token Endpoint for the {@code client_credentials}
+	 * grant
 	 * @deprecated Use
 	 * {@link #OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)}
 	 * instead. Create an instance of
@@ -165,9 +168,6 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth
 	 * to
 	 * {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider)
 	 * DefaultOAuth2AuthorizedClientManager}.
-	 * @param clientCredentialsTokenResponseClient the client used when requesting an
-	 * access token credential at the Token Endpoint for the {@code client_credentials}
-	 * grant
 	 */
 	@Deprecated
 	public void setClientCredentialsTokenResponseClient(

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -355,6 +355,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	/**
 	 * Sets the {@link ReactiveOAuth2AccessTokenResponseClient} used for getting an
 	 * {@link OAuth2AuthorizedClient} for the client_credentials grant.
+	 * @param clientCredentialsTokenResponseClient the client to use
 	 * @deprecated Use
 	 * {@link #ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)}
 	 * instead. Create an instance of
@@ -364,7 +365,6 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	 * supply it to
 	 * {@link DefaultReactiveOAuth2AuthorizedClientManager#setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider)
 	 * DefaultReactiveOAuth2AuthorizedClientManager}.
-	 * @param clientCredentialsTokenResponseClient the client to use
 	 */
 	@Deprecated
 	public void setClientCredentialsTokenResponseClient(
@@ -407,13 +407,13 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
 	/**
 	 * An access token will be considered expired by comparing its expiration to now +
 	 * this skewed Duration. The default is 1 minute.
+	 * @param accessTokenExpiresSkew the Duration to use.
 	 * @deprecated The {@code accessTokenExpiresSkew} should be configured with the
 	 * specific {@link ReactiveOAuth2AuthorizedClientProvider} implementation, e.g.
 	 * {@link ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration)
 	 * ClientCredentialsReactiveOAuth2AuthorizedClientProvider} or
 	 * {@link RefreshTokenReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration)
 	 * RefreshTokenReactiveOAuth2AuthorizedClientProvider}.
-	 * @param accessTokenExpiresSkew the Duration to use.
 	 */
 	@Deprecated
 	public void setAccessTokenExpiresSkew(Duration accessTokenExpiresSkew) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -239,6 +239,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	/**
 	 * Sets the {@link OAuth2AccessTokenResponseClient} used for getting an
 	 * {@link OAuth2AuthorizedClient} for the client_credentials grant.
+	 * @param clientCredentialsTokenResponseClient the client to use
 	 * @deprecated Use
 	 * {@link #ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)}
 	 * instead. Create an instance of
@@ -248,7 +249,6 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	 * to
 	 * {@link DefaultOAuth2AuthorizedClientManager#setAuthorizedClientProvider(OAuth2AuthorizedClientProvider)
 	 * DefaultOAuth2AuthorizedClientManager}.
-	 * @param clientCredentialsTokenResponseClient the client to use
 	 */
 	@Deprecated
 	public void setClientCredentialsTokenResponseClient(
@@ -397,13 +397,13 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
 	/**
 	 * An access token will be considered expired by comparing its expiration to now +
 	 * this skewed Duration. The default is 1 minute.
+	 * @param accessTokenExpiresSkew the Duration to use.
 	 * @deprecated The {@code accessTokenExpiresSkew} should be configured with the
 	 * specific {@link OAuth2AuthorizedClientProvider} implementation, e.g.
 	 * {@link ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(Duration)
 	 * ClientCredentialsOAuth2AuthorizedClientProvider} or
 	 * {@link RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(Duration)
 	 * RefreshTokenOAuth2AuthorizedClientProvider}.
-	 * @param accessTokenExpiresSkew the Duration to use.
 	 */
 	@Deprecated
 	public void setAccessTokenExpiresSkew(Duration accessTokenExpiresSkew) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java

@@ -35,10 +35,10 @@ import org.springframework.web.server.ServerWebExchange;
  * {@link ServerWebExchange} is null and that the {@link Authentication} is either null or
  * anonymous to prevent using it incorrectly.
  *
- * @deprecated Use {@link AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager}
- * instead
  * @author Rob Winch
  * @since 5.1
+ * @deprecated Use {@link AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager}
+ * instead
  */
 @Deprecated
 public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java

@@ -42,11 +42,10 @@ public interface ClaimAccessor {
 	/**
 	 * Returns the claim value as a {@code T} type. The claim value is expected to be of
 	 * type {@code T}.
-	 *
-	 * @since 5.2
 	 * @param claim the name of the claim
 	 * @param <T> the type of the claim value
 	 * @return the claim value
+	 * @since 5.2
 	 */
 	@SuppressWarnings("unchecked")
 	default <T> T getClaim(String claim) {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java

@@ -34,6 +34,7 @@ import org.springframework.util.StringUtils;
  * @author Joe Grandja
  * @author Nikita Konev
  * @since 5.3
+ * @deprecated Use {@link DefaultMapOAuth2AccessTokenResponseConverter} instead
  */
 public final class MapOAuth2AccessTokenResponseConverter
 		implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java

@@ -32,6 +32,7 @@ import org.springframework.util.StringUtils;
  * @author Joe Grandja
  * @author Nikita Konev
  * @since 5.3
+ * @deprecated Use {@link DefaultOAuth2AccessTokenResponseMapConverter} instead
  */
 public final class OAuth2AccessTokenResponseMapConverter
 		implements Converter<OAuth2AccessTokenResponse, Map<String, String>> {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java

@@ -110,6 +110,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 	 * parameters to an {@link OAuth2AccessTokenResponse}.
 	 * @param tokenResponseConverter the {@link Converter} used for converting to an
 	 * {@link OAuth2AccessTokenResponse}
+	 * @deprecated Use {@link #setAccessTokenResponseConverter(Converter)} instead
 	 */
 	public final void setTokenResponseConverter(
 			Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter) {
@@ -123,6 +124,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 	 * Access Token Response parameters.
 	 * @param tokenResponseParametersConverter the {@link Converter} used for converting
 	 * to a {@code Map} representation of the Access Token Response parameters
+	 * @deprecated Use {@link #setAccessTokenResponseParametersConverter(Converter)}
+	 * instead
 	 */
 	public final void setTokenResponseParametersConverter(
 			Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter) {

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderFactory.java

@@ -20,11 +20,11 @@ package org.springframework.security.oauth2.jwt;
  * A factory for {@link JwtDecoder}(s). This factory should be supplied with a type that
  * provides contextual information used to create a specific {@code JwtDecoder}.
  *
+ * @param <C> The type that provides contextual information used to create a specific
+ * {@code JwtDecoder}.
  * @author Joe Grandja
  * @since 5.2
  * @see JwtDecoder
- * @param <C> The type that provides contextual information used to create a specific
- * {@code JwtDecoder}.
  */
 @FunctionalInterface
 public interface JwtDecoderFactory<C> {

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java

@@ -35,7 +35,6 @@ import org.springframework.web.client.RestOperations;
  * <p>
  * <b>NOTE:</b> This implementation uses the Nimbus JOSE + JWT SDK internally.
  *
- * @deprecated Use {@link NimbusJwtDecoder} or {@link JwtDecoders} instead
  * @author Joe Grandja
  * @author Josh Cummings
  * @since 5.0
@@ -49,6 +48,7 @@ import org.springframework.web.client.RestOperations;
  * (JWK)</a>
  * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus
  * JOSE + JWT SDK</a>
+ * @deprecated Use {@link NimbusJwtDecoder} or {@link JwtDecoders} instead
  */
 @Deprecated
 public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderFactory.java

@@ -21,11 +21,11 @@ package org.springframework.security.oauth2.jwt;
  * type that provides contextual information used to create a specific
  * {@code ReactiveJwtDecoder}.
  *
+ * @param <C> The type that provides contextual information used to create a specific
+ * {@code ReactiveJwtDecoder}.
  * @author Joe Grandja
  * @since 5.2
  * @see ReactiveJwtDecoder
- * @param <C> The type that provides contextual information used to create a specific
- * {@code ReactiveJwtDecoder}.
  */
 @FunctionalInterface
 public interface ReactiveJwtDecoderFactory<C> {

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimAccessor.java

@@ -33,6 +33,7 @@ import org.springframework.security.oauth2.core.ClaimAccessor;
  * @see OAuth2IntrospectionAuthenticatedPrincipal
  * @see <a target="_blank" href=
  * "https://tools.ietf.org/html/rfc7662#section-2.2">Introspection Response</a>
+ * @deprecated Use {@link OAuth2TokenIntrospectionClaimAccessor} instead
  */
 public interface OAuth2IntrospectionClaimAccessor extends ClaimAccessor {
 

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionClaimNames.java

@@ -23,6 +23,7 @@ package org.springframework.security.oauth2.server.resource.introspection;
  *
  * @author Josh Cummings
  * @since 5.2
+ * @deprecated Use {@link OAuth2TokenIntrospectionClaimNames} instead
  */
 public interface OAuth2IntrospectionClaimNames {
 

openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java

@@ -43,12 +43,12 @@ import org.openid4java.message.ax.FetchResponse;
 import org.springframework.util.StringUtils;
 
 /**
+ * @author Ray Krueger
+ * @author Luke Taylor
  * @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
  * <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
  * migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
  * supported by <code>spring-security-oauth2</code>.
- * @author Ray Krueger
- * @author Luke Taylor
  */
 @Deprecated
 @SuppressWarnings("unchecked")

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlSigningUtils.java

@@ -126,6 +126,10 @@ final class OpenSamlSigningUtils {
 		return credentials;
 	}
 
+	private OpenSamlSigningUtils() {
+
+	}
+
 	static class QueryParametersPartial {
 
 		final RelyingPartyRegistration registration;
@@ -166,8 +170,4 @@ final class OpenSamlSigningUtils {
 
 	}
 
-	private OpenSamlSigningUtils() {
-
-	}
-
 }

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlVerificationUtils.java

@@ -85,6 +85,10 @@ final class OpenSamlVerificationUtils {
 				DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
 	}
 
+	private OpenSamlVerificationUtils() {
+
+	}
+
 	static class VerifierPartial {
 
 		private final String id;
@@ -210,8 +214,4 @@ final class OpenSamlVerificationUtils {
 
 	}
 
-	private OpenSamlVerificationUtils() {
-
-	}
-
 }

web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java

@@ -78,11 +78,11 @@ import org.springframework.web.method.support.ModelAndViewContainer;
  * }
  * </pre>
  *
+ * @author Rob Winch
+ * @since 3.2
  * @deprecated Use
  * {@link org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver}
  * instead.
- * @author Rob Winch
- * @since 3.2
  */
 @Deprecated
 public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver {

web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java

@@ -29,9 +29,9 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = CookieDeserializer.class)

web/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java

@@ -31,9 +31,9 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see WebJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonIgnoreProperties(ignoreUnknown = true)

web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java

@@ -34,9 +34,9 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(builder = DefaultSavedRequest.Builder.class)

web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java

@@ -42,9 +42,9 @@ import org.springframework.security.jackson2.SimpleGrantedAuthorityMixin;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see Webackson2Module
  * @see SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java

@@ -33,9 +33,9 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * </pre>
  *
  * @author Jitendra Singh.
+ * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)

web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java

@@ -32,9 +32,9 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonIgnoreProperties(ignoreUnknown = true)

web/src/main/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixin.java

@@ -32,8 +32,8 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * </pre>
  *
  * @author Boris Finkelshteyn
- * @see WebServerJackson2Module
  * @since 5.1
+ * @see WebServerJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonIgnoreProperties(ignoreUnknown = true)