diff --git a/build.gradle b/build.gradle
index f4c19fa5..4d722783 100644
--- a/build.gradle
+++ b/build.gradle
@@ -122,6 +122,12 @@ tasks.named('jar') {
     archiveClassifier.set('')
 }
 
+// Configure Javadoc to suppress warnings for missing constructor documentation
+// This is necessary because Lombok generates constructors that cannot be documented
+tasks.withType(Javadoc).configureEach {
+    options.addStringOption('Xdoclint:all,-missing', '-quiet')
+}
+
 def registerJdkTestTask(name, jdkVersion) {
     tasks.register(name, Test) {
         javaLauncher.set(javaToolchains.launcherFor {
diff --git a/lombok.config b/lombok.config
new file mode 100644
index 00000000..eabab1e3
--- /dev/null
+++ b/lombok.config
@@ -0,0 +1,6 @@
+# This file configures Lombok for the project
+# See https://projectlombok.org/features/configuration
+
+# Add @Generated annotation to all Lombok-generated code
+# This suppresses Javadoc warnings about missing constructor documentation
+lombok.addLombokGeneratedAnnotation = true
diff --git a/src/main/java/com/digitalsanctuary/spring/user/UserAutoConfigurationRegistrar.java b/src/main/java/com/digitalsanctuary/spring/user/UserAutoConfigurationRegistrar.java
index 9a9ec2b1..8c7d8d94 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/UserAutoConfigurationRegistrar.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/UserAutoConfigurationRegistrar.java
@@ -6,12 +6,12 @@
 import org.springframework.core.type.AnnotationMetadata;
 
 /**
- * {@code UserAutoConfigurationRegistrar} dynamically registers the base package of this library with Spring Boot to ensure that its entities,
+ * Dynamically registers the base package of this library with Spring Boot to ensure that its entities,
  * repositories, and other Spring-managed components are properly detected and included in the application context.
  *
  * <p>
- * This class is designed to simplify the integration of the library into Spring Boot applications by automatically registering the library's base
- * package (<i>com.digitalsanctuary.spring.user</i>) for component scanning. It ensures that:
+ * This class simplifies integration by automatically registering the library's base
+ * package ({@code com.digitalsanctuary.spring.user}) for component scanning. It ensures that:
  * <ul>
  * <li>The library's repositories and entities are discovered and configured correctly.</li>
  * <li>The consuming application retains its ability to automatically detect its own repositories and entities.</li>
diff --git a/src/main/java/com/digitalsanctuary/spring/user/UserConfiguration.java b/src/main/java/com/digitalsanctuary/spring/user/UserConfiguration.java
index 6fa65602..fd55bc00 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/UserConfiguration.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/UserConfiguration.java
@@ -11,9 +11,11 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The UserConfiguration class is a Spring Boot configuration class that provides configuration for the DigitalSanctuary Spring Boot User Framework
- * Library. This class is used to configure the user framework library, including enabling asynchronous processing and scheduling, and scanning for
- * components and repositories.
+ * Main auto-configuration class for the DigitalSanctuary Spring Boot User Framework Library.
+ * Enables asynchronous processing, retry support, scheduling, method-level security,
+ * and component scanning for the user framework package.
+ *
+ * @see UserAutoConfigurationRegistrar
  */
 @Slf4j
 @Configuration
diff --git a/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java b/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
index 0aa3b9ab..0d1e7652 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
@@ -38,8 +38,16 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * REST controller for managing user-related operations. This class handles user
- * registration, account deletion, and other user-related endpoints.
+ * REST API controller for user management operations.
+ * <p>
+ * Provides JSON endpoints for user registration, authentication, profile updates,
+ * password management, and account deletion. All endpoints are mapped under
+ * {@code /user} and return JSON responses.
+ * </p>
+ *
+ * @author Devon Hillard
+ * @see UserService
+ * @see UserEmailService
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/audit/AuditConfig.java b/src/main/java/com/digitalsanctuary/spring/user/audit/AuditConfig.java
index c2441bb4..0ff8bc2d 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/audit/AuditConfig.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/audit/AuditConfig.java
@@ -6,8 +6,17 @@
 import lombok.Data;
 
 /**
- * The AuditConfig class is a Spring Boot configuration class that provides properties for configuring user audit logging. This class is used to
- * define properties that control the behavior of the audit logging, such as the log file path and the flush rate.
+ * Configuration properties for the user audit logging system.
+ *
+ * <p>This class defines properties that control the behavior of audit logging,
+ * including the log file path, flush behavior, and event logging toggle.
+ * Properties are bound from the {@code user.audit.*} prefix in application configuration.
+ *
+ * <p>The class uses Lombok's {@code @Data} annotation which generates getters, setters,
+ * and a default no-argument constructor.
+ *
+ * @see AuditLogWriter
+ * @see AuditEventListener
  */
 @Data
 @Component
diff --git a/src/main/java/com/digitalsanctuary/spring/user/audit/AuditEventListener.java b/src/main/java/com/digitalsanctuary/spring/user/audit/AuditEventListener.java
index 6898b22a..b6208551 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/audit/AuditEventListener.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/audit/AuditEventListener.java
@@ -7,10 +7,19 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * This class processes AuditEvents. This class writes the AuditEvent data to a text file on the server. You could easily change the logic to write to
- * a database, send events to a REST API, or anything else.
+ * Spring event listener that processes {@link AuditEvent} instances asynchronously.
+ *
+ * <p>This component listens for audit events and delegates the writing of event data
+ * to an {@link AuditLogWriter} implementation. The processing is asynchronous to avoid
+ * impacting application performance.
+ *
+ * <p>The listener only processes events when audit logging is enabled via
+ * {@code AuditConfig.isLogEvents()}. All exceptions are caught and logged to ensure
+ * audit failures never impact application flow.
  *
  * @see AuditEvent
+ * @see AuditLogWriter
+ * @see AuditConfig
  */
 @Slf4j
 @Async
diff --git a/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogFlushScheduler.java b/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogFlushScheduler.java
index bc3134c9..0e109575 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogFlushScheduler.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogFlushScheduler.java
@@ -7,36 +7,30 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The FileAuditLogFlushScheduler class is a Spring Boot component that flushes the audit log buffer to the file. This class is used to ensure that
- * the audit log buffer is flushed periodically to balance performance with data integrity.
- * 
- * <p><strong>Conditional Activation Logic:</strong></p>
- * <p>This scheduler is only active when BOTH conditions are met:</p>
+ * Scheduled task that periodically flushes the audit log buffer to disk.
+ *
+ * <p>This component ensures buffered audit data is written to the file at regular intervals,
+ * balancing write performance with data integrity.
+ *
+ * <p><strong>Conditional Activation:</strong> This scheduler is only active when both conditions are met:
  * <ul>
- *   <li><code>user.audit.logEvents=true</code> (audit logging is enabled) AND</li>
- *   <li><code>user.audit.flushOnWrite=false</code> (immediate flush is disabled)</li>
+ *   <li>{@code user.audit.logEvents=true} - audit logging is enabled</li>
+ *   <li>{@code user.audit.flushOnWrite=false} - immediate flush is disabled</li>
  * </ul>
- * 
- * <p><strong>Why this conditional logic?</strong></p>
- * <ul>
- *   <li>If audit logging is disabled (<code>logEvents=false</code>), no scheduler is needed</li>
- *   <li>If flush-on-write is enabled (<code>flushOnWrite=true</code>), logs are flushed immediately after each write, 
- *       so periodic flushing is unnecessary and would be redundant</li>
- *   <li>Only when audit logging is enabled AND flush-on-write is disabled do we need this periodic scheduler 
- *       to ensure buffered data gets written to disk at regular intervals</li>
- * </ul>
- * 
- * <p>The flush frequency is controlled by <code>user.audit.flushRate</code> (in milliseconds).</p>
+ *
+ * <p>When flush-on-write is enabled, logs are flushed immediately after each write,
+ * making this scheduler unnecessary. The flush frequency is controlled by
+ * {@code user.audit.flushRate} (in milliseconds).
+ *
+ * @see FileAuditLogWriter
+ * @see AuditConfig
  */
 @Slf4j
 @Component
-@RequiredArgsConstructor
 @ConditionalOnExpression("${user.audit.logEvents:true} && !${user.audit.flushOnWrite:true}")
+@RequiredArgsConstructor
 public class FileAuditLogFlushScheduler {
 
-    /**
-     * The file audit log writer. This is the writer that is used to write audit log events to the file.
-     */
     private final FileAuditLogWriter fileAuditLogWriter;
 
     /**
diff --git a/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogWriter.java b/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogWriter.java
index 27819b3c..43c59a85 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogWriter.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/audit/FileAuditLogWriter.java
@@ -16,8 +16,22 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * Implementation of {@link AuditLogWriter} that writes audit logs to a file. This class handles the lifecycle of the log file, including opening,
- * writing, and closing the file. It also supports scheduled flushing of the buffer to balance performance with data integrity.
+ * File-based implementation of {@link AuditLogWriter} that writes audit events to a log file.
+ *
+ * <p>This component manages the complete lifecycle of the audit log file, including:
+ * <ul>
+ *   <li>Opening and creating the log file on startup ({@code @PostConstruct})</li>
+ *   <li>Writing formatted audit events with pipe-delimited fields</li>
+ *   <li>Periodic buffer flushing via {@link FileAuditLogFlushScheduler}</li>
+ *   <li>Graceful cleanup on shutdown ({@code @PreDestroy})</li>
+ * </ul>
+ *
+ * <p>If the configured log path is not writable, the writer falls back to a temporary
+ * directory location.
+ *
+ * @see AuditLogWriter
+ * @see AuditConfig
+ * @see FileAuditLogFlushScheduler
  */
 @Slf4j
 @Component
diff --git a/src/main/java/com/digitalsanctuary/spring/user/controller/UserActionController.java b/src/main/java/com/digitalsanctuary/spring/user/controller/UserActionController.java
index bb426dc6..e9c03e57 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/controller/UserActionController.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/controller/UserActionController.java
@@ -22,8 +22,16 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The UserActionController handles non-API, non-Page requests like token
- * validation links from emails.
+ * Controller that handles user action requests triggered by email links.
+ * <p>
+ * This controller processes token-based actions such as email verification
+ * during registration and password reset token validation. These endpoints
+ * are typically accessed when users click links in system-generated emails.
+ * </p>
+ *
+ * @author Devon Hillard
+ * @see UserService
+ * @see UserVerificationService
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/controller/UserPageController.java b/src/main/java/com/digitalsanctuary/spring/user/controller/UserPageController.java
index 8e4060b9..e01ec4a8 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/controller/UserPageController.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/controller/UserPageController.java
@@ -15,7 +15,14 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The UserPageController for the user management pages.
+ * MVC controller that serves user management HTML pages.
+ * <p>
+ * Handles page rendering for login, registration, password reset,
+ * profile update, and account management views. Each method returns
+ * a Thymeleaf template name for the corresponding user interface page.
+ * </p>
+ *
+ * @author Devon Hillard
  */
 @Slf4j
 @RequiredArgsConstructor
@@ -143,10 +150,12 @@ public String forgotPasswordChange() {
 
 
 	/**
+	 * Displays the user profile update page with pre-populated user data.
+	 *
 	 * @param userDetails the user details
 	 * @param request the request
 	 * @param model the model
-	 * @return String
+	 * @return the view name for the update user page
 	 */
 	@GetMapping("${user.security.updateUserURI:/user/update-user.html}")
 	public String updateUser(@AuthenticationPrincipal DSUserDetails userDetails, final HttpServletRequest request,
diff --git a/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordDto.java b/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordDto.java
index 72a68197..f26e499f 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordDto.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordDto.java
@@ -6,8 +6,13 @@
 import lombok.ToString;
 
 /**
- * A new password dto. This object is used for password form actions (change password, forgot password token, save
- * password, etc..).
+ * Data Transfer Object for password change operations.
+ * <p>
+ * Used for password form actions including change password and forgot password token flows.
+ * Contains the old password, new password, and optional reset token.
+ * </p>
+ *
+ * @author Devon Hillard
  */
 @Data
 public class PasswordDto {
diff --git a/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordResetRequestDto.java b/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordResetRequestDto.java
index 73e057a6..8f2a9a2c 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordResetRequestDto.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/dto/PasswordResetRequestDto.java
@@ -6,7 +6,13 @@
 import lombok.Data;
 
 /**
- * DTO for password reset requests. Contains only the email field needed for initiating a password reset.
+ * Data Transfer Object for initiating password reset requests.
+ * <p>
+ * Contains only the email field needed to start the password reset flow.
+ * The email is validated for format and length constraints.
+ * </p>
+ *
+ * @author Devon Hillard
  */
 @Data
 public class PasswordResetRequestDto {
diff --git a/src/main/java/com/digitalsanctuary/spring/user/dto/SavePasswordDto.java b/src/main/java/com/digitalsanctuary/spring/user/dto/SavePasswordDto.java
index 4a7ac649..66145eb5 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/dto/SavePasswordDto.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/dto/SavePasswordDto.java
@@ -6,8 +6,12 @@
 
 /**
  * Data Transfer Object for saving a new password after password reset.
+ * <p>
  * Used in the password reset flow after the user clicks the link in their email
- * and enters a new password.
+ * and enters a new password. Contains the reset token and the new password with confirmation.
+ * </p>
+ *
+ * @author Devon Hillard
  */
 @Data
 public class SavePasswordDto {
diff --git a/src/main/java/com/digitalsanctuary/spring/user/dto/UserDto.java b/src/main/java/com/digitalsanctuary/spring/user/dto/UserDto.java
index ff503b55..a30d58d6 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/dto/UserDto.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/dto/UserDto.java
@@ -8,8 +8,14 @@
 import lombok.ToString;
 
 /**
- * A user dto. This object is used for handling user related form data (registration, forms passing in email addresses,
- * etc...).
+ * Data Transfer Object for user registration and related form data.
+ * <p>
+ * Used for handling user registration forms and related operations. Contains user details
+ * including name, email, password with confirmation, and optional role assignment.
+ * Validated using {@link PasswordMatches} to ensure password confirmation matches.
+ * </p>
+ *
+ * @author Devon Hillard
  */
 @Data
 @PasswordMatches
diff --git a/src/main/java/com/digitalsanctuary/spring/user/dto/UserProfileUpdateDto.java b/src/main/java/com/digitalsanctuary/spring/user/dto/UserProfileUpdateDto.java
index 2cf42698..f699c837 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/dto/UserProfileUpdateDto.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/dto/UserProfileUpdateDto.java
@@ -5,8 +5,13 @@
 import lombok.Data;
 
 /**
- * DTO for updating user profile information (first name, last name).
- * This is separate from UserDto to avoid requiring password fields during profile updates.
+ * Data Transfer Object for updating user profile information.
+ * <p>
+ * Contains only the editable profile fields (first name, last name).
+ * Separate from {@link UserDto} to avoid requiring password fields during profile updates.
+ * </p>
+ *
+ * @author Devon Hillard
  */
 @Data
 public class UserProfileUpdateDto {
diff --git a/src/main/java/com/digitalsanctuary/spring/user/exception/GlobalValidationExceptionHandler.java b/src/main/java/com/digitalsanctuary/spring/user/exception/GlobalValidationExceptionHandler.java
index 19e86ea7..ef11cf44 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/exception/GlobalValidationExceptionHandler.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/exception/GlobalValidationExceptionHandler.java
@@ -13,8 +13,9 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * Global exception handler for validation errors. This class handles validation exceptions
- * and returns appropriate error responses for API endpoints.
+ * Global exception handler for validation errors across all API endpoints.
+ * Handles {@link MethodArgumentNotValidException} thrown by {@code @Valid} annotations
+ * and returns structured error responses with field-level validation details.
  */
 @Slf4j
 @ControllerAdvice
diff --git a/src/main/java/com/digitalsanctuary/spring/user/jobs/ExpiredTokenCleanJob.java b/src/main/java/com/digitalsanctuary/spring/user/jobs/ExpiredTokenCleanJob.java
index fbc0b930..9e3bb386 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/jobs/ExpiredTokenCleanJob.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/jobs/ExpiredTokenCleanJob.java
@@ -11,8 +11,12 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The ExpiredTokenCleanJob is a Service which purges expired registration email verification tokens and password reset tokens based on the schedule
- * defined in user.purgetokens.cron.expression in your application.properties.
+ * Scheduled job service that purges expired registration email verification tokens
+ * and password reset tokens. Runs on a cron schedule defined by the
+ * {@code user.purgetokens.cron.expression} property in application configuration.
+ *
+ * @see com.digitalsanctuary.spring.user.persistence.repository.VerificationTokenRepository
+ * @see com.digitalsanctuary.spring.user.persistence.repository.PasswordResetTokenRepository
  */
 @Slf4j
 @Service
diff --git a/src/main/java/com/digitalsanctuary/spring/user/listener/AuthenticationEventListener.java b/src/main/java/com/digitalsanctuary/spring/user/listener/AuthenticationEventListener.java
index 7cfb8c6f..387fd432 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/listener/AuthenticationEventListener.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/listener/AuthenticationEventListener.java
@@ -11,9 +11,18 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * This class is used to listen for authentication events and handle account lockout functionality if needed.
+ * Listens for Spring Security authentication events and manages account lockout functionality.
+ * Handles both successful and failed authentication attempts across different authentication
+ * types including form login, OAuth2, and OIDC.
  *
- * https://github.com/devondragon/SpringUserFramework/issues/29
+ * <p>
+ * This listener integrates with {@link LoginAttemptService} to track login attempts and
+ * enforce brute-force protection policies.
+ * </p>
+ *
+ * @see LoginAttemptService
+ * @see AuthenticationSuccessEvent
+ * @see AbstractAuthenticationFailureEvent
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/listener/RegistrationListener.java b/src/main/java/com/digitalsanctuary/spring/user/listener/RegistrationListener.java
index b47216da..86a2f347 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/listener/RegistrationListener.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/listener/RegistrationListener.java
@@ -10,9 +10,17 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * This listener handles OnRegistrationCompleteEvents, and sends a password verification email, if that feature is enabled.
+ * Listens for user registration events and sends verification emails when enabled.
+ * This listener handles {@link OnRegistrationCompleteEvent} instances asynchronously
+ * to avoid blocking the registration flow.
+ *
+ * <p>
+ * Email verification is controlled by the {@code user.registration.sendVerificationEmail}
+ * configuration property.
+ * </p>
  *
  * @see OnRegistrationCompleteEvent
+ * @see UserEmailService
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/profile/BaseUserProfile.java b/src/main/java/com/digitalsanctuary/spring/user/profile/BaseUserProfile.java
index 2726752c..203826e9 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/profile/BaseUserProfile.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/profile/BaseUserProfile.java
@@ -12,21 +12,33 @@
 import lombok.Data;
 
 /**
- * Base class for user profile entities that extend the core {@link User} functionality. This class provides the foundation for creating
- * application-specific user profiles with shared common attributes.
+ * Abstract base class for user profile entities that extend the core {@link User} functionality.
+ * Provides the foundation for creating application-specific user profiles with shared common attributes.
  *
  * <p>
- * This class uses {@code @MappedSuperclass} to allow inheritance of JPA mappings, enabling extending classes to add additional fields while
- * maintaining a consistent database structure. The profile shares its primary key with the associated {@link User} entity through the {@code @MapsId}
- * annotation.
+ * This class uses {@code @MappedSuperclass} to allow inheritance of JPA mappings, enabling
+ * extending classes to add additional fields while maintaining a consistent database structure.
+ * The profile shares its primary key with the associated {@link User} entity through the
+ * {@code @MapsId} annotation.
  * </p>
  *
- * Example implementation: {@code @Entity
+ * <p>
+ * Example implementation:
+ * </p>
  *
- * @Table(name = "customer_profile") public class CustomerProfile extends BaseUserProfile { private String customerType; private String
- * shippingPreference; private List<Order> orders; } }
+ * <pre>{@code
+ * @Entity
+ * @Table(name = "customer_profile")
+ * public class CustomerProfile extends BaseUserProfile {
+ *     private String customerType;
+ *     private String shippingPreference;
+ * }
+ * }</pre>
  *
- * Database Structure: - id/user_id (PK/FK to user_account table) - last_accessed (timestamp) - preferred_locale (varchar)
+ * <p>
+ * Database structure includes: id/user_id (PK/FK to user_account table), last_accessed (timestamp),
+ * and preferred_locale (varchar).
+ * </p>
  *
  * @see User
  * @see MappedSuperclass
diff --git a/src/main/java/com/digitalsanctuary/spring/user/profile/session/BaseSessionProfile.java b/src/main/java/com/digitalsanctuary/spring/user/profile/session/BaseSessionProfile.java
index 9f45a98d..a819feea 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/profile/session/BaseSessionProfile.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/profile/session/BaseSessionProfile.java
@@ -11,23 +11,23 @@
 import lombok.Data;
 
 /**
- * Base class for session-scoped user profile management. This class provides the foundation for maintaining user profile data within the session
- * context of a web application. It is designed to be extended by applications to add custom profile management functionality.
+ * Abstract base class for session-scoped user profile management.
+ * Provides the foundation for maintaining user profile data within the HTTP session
+ * context of a web application. Extend this class to add custom profile management functionality.
  *
  * <p>
- * This class is session-scoped and uses proxy mode TARGET_CLASS to ensure proper session management in a web environment. It maintains a reference to
- * the user's profile and tracks when it was last updated.
+ * This class is session-scoped and uses proxy mode TARGET_CLASS to ensure proper
+ * session management in a web environment. It maintains a reference to the user's
+ * profile and tracks when it was last updated.
  * </p>
  *
  * <p>
  * Example usage:
  * </p>
  *
- * <pre>
- * {@code
+ * <pre>{@code
  * @Component
  * public class CustomSessionProfile extends BaseSessionProfile<CustomUserProfile> {
- *     // Add custom methods for your application
  *     public boolean hasSpecificPermission() {
  *         return getUserProfile().getPermissions().contains("SPECIFIC_PERMISSION");
  *     }
@@ -37,8 +37,7 @@
  * @param <T> the type of user profile, must extend BaseUserProfile
  *
  * @see BaseUserProfile
- * @see WebApplicationContext
- * @see Serializable
+ * @see WebApplicationContext#SCOPE_SESSION
  */
 @Data
 @Component
diff --git a/src/main/java/com/digitalsanctuary/spring/user/roles/RolePrivilegeSetupService.java b/src/main/java/com/digitalsanctuary/spring/user/roles/RolePrivilegeSetupService.java
index b169a737..951348df 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/roles/RolePrivilegeSetupService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/roles/RolePrivilegeSetupService.java
@@ -17,7 +17,12 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * A service to set up roles and privileges from a configuration when the application starts.
+ * Service that initializes roles and privileges from configuration on application startup.
+ * <p>
+ * Listens for {@link ContextRefreshedEvent} and creates or updates roles and privileges
+ * in the database based on the {@link RolesAndPrivilegesConfig} settings. This ensures
+ * that the configured role/privilege structure exists before the application handles requests.
+ * </p>
  */
 @Slf4j
 @Data
diff --git a/src/main/java/com/digitalsanctuary/spring/user/roles/RolesAndPrivilegesConfig.java b/src/main/java/com/digitalsanctuary/spring/user/roles/RolesAndPrivilegesConfig.java
index 44022214..8393f5e8 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/roles/RolesAndPrivilegesConfig.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/roles/RolesAndPrivilegesConfig.java
@@ -27,9 +27,12 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The RolesAndPrivilegesConfig class is a Spring Boot configuration class that provides properties for configuring user roles and privileges. This
- * class is used to define properties that control the behavior of the user roles and privileges, such as the role hierarchy and the mapping of roles
- * to privileges.
+ * Configuration properties for user roles and privileges.
+ * <p>
+ * Binds to properties with the {@code user.roles} prefix and provides mappings of roles
+ * to their associated privileges, as well as role hierarchy definitions. The Lombok
+ * {@code @Data} annotation generates a default no-argument constructor for property binding.
+ * </p>
  */
 @Slf4j
 @Data
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/AuthorityService.java b/src/main/java/com/digitalsanctuary/spring/user/service/AuthorityService.java
index 1e157cad..319a3c8f 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/AuthorityService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/AuthorityService.java
@@ -13,8 +13,14 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The AuthorityService class provides helper methods for generating Spring Security's GrantedAuthority objects from a collection of roles and
- * privileges.
+ * Service for generating Spring Security {@link GrantedAuthority} objects from user roles and privileges.
+ *
+ * <p>This service converts the application's role-based permission model into Spring Security's
+ * authority-based model by extracting privilege names from assigned roles.</p>
+ *
+ * @see GrantedAuthority
+ * @see Role
+ * @see Privilege
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/DSOAuth2UserService.java b/src/main/java/com/digitalsanctuary/spring/user/service/DSOAuth2UserService.java
index 8f681639..d7dbec9a 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/DSOAuth2UserService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/DSOAuth2UserService.java
@@ -18,24 +18,16 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
+ * OAuth2 user service implementation for handling OAuth2 authentication (Google, Facebook).
  *
- * This class is an implementation of the OAuth2UserService interface that is used to handle OAuth2 logins for a Spring Security application. It
- * provides methods to handle successful OAuth2 logins, register new users with OAuth2 accounts, update existing users with new OAuth2 information,
- * and retrieve user information from an OAuth2User object. This service is used in conjunction with Spring Security's OAuth2LoginConfigurer to enable
- * OAuth2 login functionality for a web application. The OAuth2LoginConfigurer configures Spring Security to authenticate users with an OAuth2
- * provider, and uses this service to handle the authentication process and retrieve user information from the provider. This class is annotated with
- * the @Service annotation to indicate that it is a Spring service that should be automatically detected and instantiated by the Spring container.
+ * <p>Handles the OAuth2 login flow by processing user information from OAuth2 providers,
+ * registering new users or updating existing ones, and creating the authentication principal.</p>
  *
- * @see org.springframework.security.oauth2.client.registration.ClientRegistration
- * @see org.springframework.security.oauth2.client.userinfo.OAuth2UserService
- * @see org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
- * @see org.springframework.security.oauth2.core.user.OAuth2User
- * @see org.springframework.security.oauth2.core.user.DefaultOAuth2User
- * @see org.springframework.security.oauth2.core.user.OAuth2UserAuthority
- * @see org.springframework.security.core.userdetails.UserDetails
- * @see org.springframework.security.core.userdetails.User
- * @see com.digitalsanctuary.spring.user.persistence.model.User
- * @see com.digitalsanctuary.spring.user.persistence.repository.UserRepository
+ * <p>Supported providers: Google, Facebook. For OIDC providers like Keycloak, see {@link DSOidcUserService}.</p>
+ *
+ * @see OAuth2UserService
+ * @see DSOidcUserService
+ * @see DSUserDetails
  */
 @Slf4j
 @Service
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/DSOidcUserService.java b/src/main/java/com/digitalsanctuary/spring/user/service/DSOidcUserService.java
index b85daaa6..a84211ec 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/DSOidcUserService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/DSOidcUserService.java
@@ -17,24 +17,18 @@
 import org.springframework.stereotype.Service;
 
 /**
+ * OIDC user service implementation for handling OpenID Connect authentication (Keycloak).
  *
- * This class is an implementation of the OAuth2UserService interface that is used to handle Oidc logins for a Spring Security application. It
- * provides methods to handle successful Oidc logins, register new users with Oidc accounts, update existing users with new Oidc information,
- * and retrieve user information from an OidcUser object. This service is used in conjunction with Spring Security's OAuth2LoginConfigurer to enable
- * Oidc login functionality for a web application. The OAuth2LoginConfigurer configures Spring Security to authenticate users with an Oidc
- * provider, and uses this service to handle the authentication process and retrieve user information from the provider. This class is annotated with
- * the @Service annotation to indicate that it is a Spring service that should be automatically detected and instantiated by the Spring container.
+ * <p>Handles the OIDC login flow by processing user information from OIDC providers,
+ * registering new users or updating existing ones, and creating the authentication principal
+ * with OIDC-specific tokens and claims.</p>
+ *
+ * <p>Supported providers: Keycloak. For standard OAuth2 providers like Google and Facebook,
+ * see {@link DSOAuth2UserService}.</p>
  *
- * @see org.springframework.security.oauth2.client.registration.ClientRegistration
  * @see OAuth2UserService
- * @see OAuth2UserRequest
- * @see OAuth2User
- * @see org.springframework.security.oauth2.core.user.DefaultOAuth2User
- * @see org.springframework.security.oauth2.core.user.OAuth2UserAuthority
- * @see org.springframework.security.core.userdetails.UserDetails
- * @see org.springframework.security.core.userdetails.User
- * @see User
- * @see UserRepository
+ * @see DSOAuth2UserService
+ * @see DSUserDetails
  */
 @Slf4j
 @Service
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/DSUserDetailsService.java b/src/main/java/com/digitalsanctuary/spring/user/service/DSUserDetailsService.java
index 2c2b9051..30574462 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/DSUserDetailsService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/DSUserDetailsService.java
@@ -10,8 +10,13 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * DSUserDetailsService is an implementation of Spring Security's UserDetailsService. It is responsible for loading user-specific data during
- * authentication.
+ * Spring Security {@link UserDetailsService} implementation for loading user authentication data.
+ *
+ * <p>This service retrieves user information from the database by email address and constructs
+ * the {@link DSUserDetails} object used by Spring Security during authentication.</p>
+ *
+ * @see UserDetailsService
+ * @see DSUserDetails
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/LoginAttemptService.java b/src/main/java/com/digitalsanctuary/spring/user/service/LoginAttemptService.java
index 78f31069..6a8f7fb9 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/LoginAttemptService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/LoginAttemptService.java
@@ -12,9 +12,17 @@
 
 
 /**
- * The LoginAttemptService can be used to track successful and failed logins by Username, and can be used to block attacks on user accounts. For IP
- * based blocking and rate limiting see Bucket4J and the Bucket4J Spring Boot Starter. More info can found here -
- * https://github.com/devondragon/SpringUserFramework/issues/57
+ * Service for tracking login attempts and implementing account lockout protection.
+ *
+ * <p>Tracks successful and failed login attempts per user account. When failed attempts exceed the
+ * configured threshold ({@code user.security.failedLoginAttempts}), the account is locked for the
+ * duration specified by {@code user.security.accountLockoutDuration}.</p>
+ *
+ * <p>For IP-based blocking and rate limiting, see Bucket4J and the Bucket4J Spring Boot Starter.
+ * More information: <a href="https://github.com/devondragon/SpringUserFramework/issues/57">GitHub Issue #57</a></p>
+ *
+ * @see User#failedLoginAttempts
+ * @see User#locked
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/LoginHelperService.java b/src/main/java/com/digitalsanctuary/spring/user/service/LoginHelperService.java
index 411eb602..93bcf0c2 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/LoginHelperService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/LoginHelperService.java
@@ -10,8 +10,15 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The LoginHelperService class provides helper methods for authenticating users after login. This class is used by the DSUserDetailsService and
- * DSOAuth2UserService classes to authenticate users after they have been successfully authenticated.
+ * Helper service for post-authentication user processing.
+ *
+ * <p>Provides common functionality used by {@link DSUserDetailsService} and {@link DSOAuth2UserService}
+ * after a user has been authenticated, including updating activity timestamps, checking account
+ * lockout status, and constructing the {@link DSUserDetails} object.</p>
+ *
+ * @see DSUserDetailsService
+ * @see DSOAuth2UserService
+ * @see DSUserDetails
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/LoginSuccessService.java b/src/main/java/com/digitalsanctuary/spring/user/service/LoginSuccessService.java
index f4429505..905ba76d 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/LoginSuccessService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/LoginSuccessService.java
@@ -17,7 +17,15 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The LoginSuccessService is called after a user successfully logs in.
+ * Service that handles successful user authentication events.
+ *
+ * <p>Extends {@link SavedRequestAwareAuthenticationSuccessHandler} to provide custom
+ * post-authentication processing including audit event publishing and redirect handling.
+ * Configurable via {@code user.security.loginSuccessURI} and
+ * {@code user.security.alwaysUseDefaultTargetUrl} properties.</p>
+ *
+ * @author Devon Hillard
+ * @see SavedRequestAwareAuthenticationSuccessHandler
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/LogoutSuccessService.java b/src/main/java/com/digitalsanctuary/spring/user/service/LogoutSuccessService.java
index 47782cd6..4e81131a 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/LogoutSuccessService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/LogoutSuccessService.java
@@ -17,7 +17,14 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The LogoutSuccessService is called when a user logs out successfully.
+ * Service that handles successful user logout events.
+ *
+ * <p>Extends {@link SimpleUrlLogoutSuccessHandler} to provide custom post-logout processing
+ * including audit event publishing and redirect handling. Configurable via the
+ * {@code user.security.logoutSuccessURI} property.</p>
+ *
+ * @author Devon Hillard
+ * @see SimpleUrlLogoutSuccessHandler
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java b/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java
index 67a1e25c..4f702b07 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java
@@ -39,13 +39,17 @@
 import java.util.Optional;
 
 /**
- * The PasswordPolicyService enforces configurable password validation rules
- * such as length, character types, similarity checks,
- * dictionary-based rejection, and password history. Built using Passay. More
- * info:
- * https://github.com/devondragon/SpringUserFramework/issues/158
- * 
+ * Service that enforces configurable password validation rules.
+ *
+ * <p>Validates passwords against configurable policies including length requirements,
+ * character type requirements (uppercase, lowercase, digits, special characters),
+ * similarity checks against username/email, dictionary-based rejection of common passwords,
+ * and password history to prevent reuse. Built using the Passay library.</p>
+ *
+ * <p>Configuration is done via {@code user.security.password.*} properties.</p>
+ *
  * @author Edamijueda
+ * @see <a href="https://github.com/devondragon/SpringUserFramework/issues/158">GitHub Issue #158</a>
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/SessionInvalidationService.java b/src/main/java/com/digitalsanctuary/spring/user/service/SessionInvalidationService.java
index fae53178..a1ff7942 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/SessionInvalidationService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/SessionInvalidationService.java
@@ -10,8 +10,11 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * Service for invalidating user sessions. This is useful for admin-initiated password resets
- * and other security operations that require forcing users to re-authenticate.
+ * Service for invalidating user sessions.
+ *
+ * <p>Provides functionality to invalidate all active sessions for a given user, useful for
+ * admin-initiated password resets and other security operations that require forcing users
+ * to re-authenticate.</p>
  *
  * <p><strong>Race Condition Note:</strong> This service uses Spring's SessionRegistry to track
  * and invalidate sessions. Due to the nature of the SessionRegistry API, there is an inherent
@@ -19,6 +22,9 @@
  * but before {@link SessionInformation#expireNow()} completes will not be invalidated. This is
  * a known limitation of the SessionRegistry approach. For most use cases (admin password reset),
  * this is acceptable as the window is very small.</p>
+ *
+ * @author Devon Hillard
+ * @see SessionRegistry
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/UserEmailService.java b/src/main/java/com/digitalsanctuary/spring/user/service/UserEmailService.java
index d55fbcbc..93030743 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/UserEmailService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/UserEmailService.java
@@ -23,7 +23,19 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The UserEmailService class provides methods for sending emails to users for various purposes, such as registration verification and password reset.
+ * Service for sending user-related emails.
+ *
+ * <p>Provides methods for sending emails to users for various purposes including
+ * registration verification, password reset (both user-initiated and admin-initiated),
+ * and other account-related notifications. Uses secure token generation and URL validation
+ * to prevent injection attacks.</p>
+ *
+ * <p>Admin-initiated password resets require the {@code ADMIN} role and support optional
+ * session invalidation for enhanced security.</p>
+ *
+ * @author Devon Hillard
+ * @see MailService
+ * @see UserVerificationService
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/UserVerificationService.java b/src/main/java/com/digitalsanctuary/spring/user/service/UserVerificationService.java
index 7077375d..c413b3ca 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/service/UserVerificationService.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/service/UserVerificationService.java
@@ -11,8 +11,15 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The UserVerificationService class is a Spring service class that provides methods for managing user verification tokens. This class is used to
- * create, validate, and delete verification tokens for users.
+ * Service for managing user verification tokens.
+ *
+ * <p>Provides methods for creating, validating, and deleting verification tokens used
+ * during user registration and email verification workflows. Handles token expiration
+ * and automatic user enablement upon successful verification.</p>
+ *
+ * @author Devon Hillard
+ * @see VerificationToken
+ * @see UserService
  */
 @Slf4j
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/util/JSONResponse.java b/src/main/java/com/digitalsanctuary/spring/user/util/JSONResponse.java
index 98c2a48d..42fa1c76 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/util/JSONResponse.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/util/JSONResponse.java
@@ -6,15 +6,14 @@
 import lombok.Singular;
 
 /**
- * Represents a standardized JSON response for API calls.
+ * Standardized JSON response object for REST API endpoints.
  * <p>
- * This class provides a builder to facilitate the creation of JSON response objects with various attributes.
- * The builder uses the {@code @Singular} annotation on the messages field, which means you can call 
- * {@code .message(String)} multiple times to add messages to the list, and the JSON will serialize 
- * as {@code "messages": ["message1", "message2", ...]}. 
+ * Provides a consistent structure for API responses including success status, messages,
+ * redirect URLs, and data payloads. Use the Lombok-generated builder to construct instances.
  * </p>
  * <p>
  * Example usage:
+ * </p>
  * <pre>
  * JSONResponse response = JSONResponse.builder()
  *     .success(true)
@@ -22,7 +21,6 @@
  *     .message("Data saved successfully")
  *     .data(resultObject)
  *     .build();
- * // Results in JSON: {"success": true, "messages": ["Operation completed", "Data saved successfully"], ...}
  * </pre>
  *
  * @author Devon Hillard
diff --git a/src/main/java/com/digitalsanctuary/spring/user/util/JpaAuditingConfig.java b/src/main/java/com/digitalsanctuary/spring/user/util/JpaAuditingConfig.java
index f728c595..af0663fb 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/util/JpaAuditingConfig.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/util/JpaAuditingConfig.java
@@ -12,7 +12,13 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * Configuration class for JPA Auditing. Enables JPA Auditing and provides an implementation of AuditorAware to capture the current auditor.
+ * Configuration class for JPA Auditing.
+ * <p>
+ * Enables JPA Auditing and provides an implementation of {@link AuditorAware} to capture
+ * the current auditor from the Spring Security context. This allows JPA entities using
+ * {@code @CreatedBy} and {@code @LastModifiedBy} annotations to automatically track
+ * which user created or modified them.
+ * </p>
  */
 @Slf4j
 @Configuration
diff --git a/src/main/java/com/digitalsanctuary/spring/user/util/LiveReloadGlobalControllerAdvice.java b/src/main/java/com/digitalsanctuary/spring/user/util/LiveReloadGlobalControllerAdvice.java
index 0b5a8f49..2e75c1e4 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/util/LiveReloadGlobalControllerAdvice.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/util/LiveReloadGlobalControllerAdvice.java
@@ -5,10 +5,11 @@
 import org.springframework.web.bind.annotation.ModelAttribute;
 
 /**
- * Provides a global advice for controllers to include LiveReload configuration details.
+ * Global controller advice that provides LiveReload configuration to all views.
  * <p>
- * This advice will make the LiveReload port available to all controllers and views in the application. It is used on the layout.html template to
- * include the LiveReload script in dev and local environments.
+ * This advice makes the LiveReload port available as a model attribute to all controllers,
+ * enabling the layout template to include the LiveReload script in development environments.
+ * The port is determined based on whether HTTPS is enabled.
  * </p>
  *
  * @author Devon Hillard
diff --git a/src/main/java/com/digitalsanctuary/spring/user/util/PasswordHashTimeTester.java b/src/main/java/com/digitalsanctuary/spring/user/util/PasswordHashTimeTester.java
index d49f4613..2566f3fc 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/util/PasswordHashTimeTester.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/util/PasswordHashTimeTester.java
@@ -10,8 +10,13 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * The PasswordHashTimeTester class is a Spring Boot service class that tests the time it takes to hash a password. This class is used to test the
- * performance of the password hashing algorithm and provide feedback on the security and usability trade-offs of the password hashing configuration.
+ * Service that benchmarks password hashing performance on application startup.
+ * <p>
+ * Measures the time required to hash passwords using the configured {@link PasswordEncoder}
+ * and logs the results. This helps administrators tune the {@code user.security.bcryptStrength}
+ * property to balance security (slower hashing) with usability (reasonable response times).
+ * The target is approximately 1000ms per hash operation.
+ * </p>
  */
 @Slf4j
 @Service
diff --git a/src/main/java/com/digitalsanctuary/spring/user/validation/PasswordMatchesValidator.java b/src/main/java/com/digitalsanctuary/spring/user/validation/PasswordMatchesValidator.java
index 52f0ff58..7dec016f 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/validation/PasswordMatchesValidator.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/validation/PasswordMatchesValidator.java
@@ -5,8 +5,11 @@
 import jakarta.validation.ConstraintValidatorContext;
 
 /**
- * Validator implementation for the PasswordMatches constraint.
- * Validates that the password and matchingPassword fields in a UserDto are equal.
+ * Validator implementation for the {@link PasswordMatches} constraint annotation.
+ * Validates that the password and matchingPassword fields in a {@link UserDto} are equal.
+ *
+ * @see PasswordMatches
+ * @see UserDto
  */
 public class PasswordMatchesValidator implements ConstraintValidator<PasswordMatches, Object> {
     
diff --git a/src/main/java/com/digitalsanctuary/spring/user/web/GlobalMessageControllerAdvice.java b/src/main/java/com/digitalsanctuary/spring/user/web/GlobalMessageControllerAdvice.java
index 8869c897..e328bf73 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/web/GlobalMessageControllerAdvice.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/web/GlobalMessageControllerAdvice.java
@@ -9,7 +9,18 @@
 import lombok.RequiredArgsConstructor;
 
 /**
- * Global advice to handle common model attributes across all controllers.
+ * Controller advice that provides global model attributes across all MVC controllers.
+ *
+ * <p>This class handles automatic resolution of message keys from request parameters,
+ * allowing controllers to redirect with a {@code messageKey} parameter that gets
+ * automatically resolved to a localized message and added to the model.</p>
+ *
+ * <p>Usage example: Redirect to {@code /somepage?messageKey=user.created.success} and
+ * the resolved message will be available as the {@code message} model attribute.</p>
+ *
+ * @author Devon Hillard
+ * @see org.springframework.web.bind.annotation.ControllerAdvice
+ * @see org.springframework.context.MessageSource
  */
 @ControllerAdvice(annotations = Controller.class)
 @RequiredArgsConstructor
diff --git a/src/main/java/com/digitalsanctuary/spring/user/web/GlobalUserModelInterceptor.java b/src/main/java/com/digitalsanctuary/spring/user/web/GlobalUserModelInterceptor.java
index 6fe935e6..96008ec6 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/web/GlobalUserModelInterceptor.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/web/GlobalUserModelInterceptor.java
@@ -15,7 +15,26 @@
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * Interceptor to add the current user to the model for applicable requests.
+ * Spring MVC interceptor that conditionally adds the authenticated user to the model.
+ *
+ * <p>This interceptor supports two modes of operation controlled by
+ * {@link UserWebConfig#globalUserModelOptIn}:</p>
+ *
+ * <ul>
+ *   <li><strong>Opt-In Mode (default, globalUserModelOptIn=false):</strong> User is only added
+ *       to the model for controllers/methods annotated with {@link IncludeUserInModel}.</li>
+ *   <li><strong>Opt-Out Mode (globalUserModelOptIn=true):</strong> User is added to all views
+ *       by default, except those annotated with {@link ExcludeUserFromModel}.</li>
+ * </ul>
+ *
+ * <p>The user object is retrieved from the Spring Security context and added to the model
+ * as the {@code user} attribute when applicable.</p>
+ *
+ * @author Devon Hillard
+ * @see UserWebConfig
+ * @see IncludeUserInModel
+ * @see ExcludeUserFromModel
+ * @see org.springframework.web.servlet.HandlerInterceptor
  */
 @Slf4j
 @Component
diff --git a/src/main/java/com/digitalsanctuary/spring/user/web/WebInterceptorConfig.java b/src/main/java/com/digitalsanctuary/spring/user/web/WebInterceptorConfig.java
index 231f0309..b3e5c294 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/web/WebInterceptorConfig.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/web/WebInterceptorConfig.java
@@ -6,7 +6,15 @@
 import lombok.RequiredArgsConstructor;
 
 /**
- * Web configuration class for setting up interceptors
+ * Spring MVC configuration class that registers web interceptors for the user framework.
+ *
+ * <p>This configuration registers the {@link GlobalUserModelInterceptor} to handle
+ * automatic user model injection for MVC controllers. The interceptor is applied to
+ * all paths except static resources (CSS, JS, images, etc.).</p>
+ *
+ * @author Devon Hillard
+ * @see GlobalUserModelInterceptor
+ * @see org.springframework.web.servlet.config.annotation.WebMvcConfigurer
  */
 @Configuration
 @RequiredArgsConstructor