From 69a57cdc58814eaad024b48733f4e70a6eef04ff Mon Sep 17 00:00:00 2001 From: chanjin-lee Date: Sat, 17 Jan 2026 21:41:27 +0900 Subject: [PATCH 1/3] Core: Remove javadoc warnings Closes gh-18449 Signed-off-by: chanjin-lee --- core/spring-security-core.gradle | 1 + .../security/access/hierarchicalroles/RoleHierarchyUtils.java | 4 ++-- .../org/springframework/security/access/package-info.java | 2 +- .../security/authentication/AuthenticationTrustResolver.java | 2 +- .../security/core/SpringSecurityCoreVersion.java | 2 +- .../security/core/annotation/SecurityAnnotationScanner.java | 4 ++-- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/core/spring-security-core.gradle b/core/spring-security-core.gradle index 23fe149d7d1..76ef7f2870f 100644 --- a/core/spring-security-core.gradle +++ b/core/spring-security-core.gradle @@ -1,6 +1,7 @@ import java.util.concurrent.Callable plugins { + id 'javadoc-warnings-error' id 'security-nullability' } diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java index 5db6efb0282..1b77aef1650 100644 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java @@ -36,14 +36,14 @@ private RoleHierarchyUtils() { /** * Converts the supplied {@link Map} of role name to implied role name(s) to a string - * representation understood by {@link RoleHierarchyImpl#setHierarchy(String)}. The + * representation understood by {@code RoleHierarchyImpl#setHierarchy(String)}. The * map key is the role name and the map value is a {@link List} of implied role * name(s). * @param roleHierarchyMap the mapping(s) of role name to implied role name(s) * @return a string representation of a role hierarchy * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role * name is null or empty or if an implied role name(s) is null or empty - * @deprecated please see {@link RoleHierarchyImpl#setHierarchy} deprecation notice + * @deprecated please see {@code RoleHierarchyImpl#setHierarchy} deprecation notice */ @Deprecated public static String roleHierarchyFromMap(Map> roleHierarchyMap) { diff --git a/core/src/main/java/org/springframework/security/access/package-info.java b/core/src/main/java/org/springframework/security/access/package-info.java index 01ac014fe71..d9b0f81f0df 100644 --- a/core/src/main/java/org/springframework/security/access/package-info.java +++ b/core/src/main/java/org/springframework/security/access/package-info.java @@ -18,7 +18,7 @@ * Core access-control related code, including security metadata related classes, * interception code, access control annotations, EL support and voter-based * implementations of the central - * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager} + * {@code AccessDecisionManager} * interface. */ @NullMarked diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java index fba8f77cb22..e16eb59fa30 100644 --- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java +++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java @@ -77,7 +77,7 @@ default boolean isFullyAuthenticated(@Nullable Authentication authentication) { * Checks if the {@link Authentication} is not null, authenticated, and not anonymous. * @param authentication the {@link Authentication} to check. * @return true if the {@link Authentication} is not null, - * {@link #isAnonymous(Authentication)} returns false, & + * {@link #isAnonymous(Authentication)} returns false, and * {@link Authentication#isAuthenticated()} is true. * @since 6.1.7 */ diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java index 726db080f35..ec93a6bcda3 100644 --- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java +++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java @@ -42,7 +42,7 @@ public final class SpringSecurityCoreVersion { /** * Global Serialization value for Spring Security classes. * @deprecated Please have each class use its own serialization version - * @see SpringSecurityCoreVersionSerializableTests + * For more details, refer to the {@code SpringSecurityCoreVersionSerializableTests} class. */ @Deprecated(forRemoval = true) public static final long SERIAL_VERSION_UID = 620L; diff --git a/core/src/main/java/org/springframework/security/core/annotation/SecurityAnnotationScanner.java b/core/src/main/java/org/springframework/security/core/annotation/SecurityAnnotationScanner.java index 441c9c4a01f..311204314ca 100644 --- a/core/src/main/java/org/springframework/security/core/annotation/SecurityAnnotationScanner.java +++ b/core/src/main/java/org/springframework/security/core/annotation/SecurityAnnotationScanner.java @@ -72,9 +72,9 @@ public interface SecurityAnnotationScanner { * attributable to the parameter. * *

- * Implementations should describe their strategy for searching the element and any + * Implementations should describe their strategy for searching the parameter and any * surrounding class, interfaces, or super-class. - * @param element the element to search + * @param parameter the parameter to search * @return the synthesized annotation or {@code null} if not found */ @Nullable A scan(Parameter parameter); From 0c398fe44ccd1b6565c8917d6cb7a3e88f771d35 Mon Sep 17 00:00:00 2001 From: chanjin-lee Date: Sun, 18 Jan 2026 15:46:07 +0900 Subject: [PATCH 2/3] Core: Fix Javadoc invalid references and improve clarity - Update package-info to reference AuthorizationManager instead of AccessDecisionManager - Improve RoleHierarchyUtils documentation with fromHierarchy() and builder-based alternatives - Refine AuthenticationTrustResolver return description by removing redundant comma and symbol Signed-off-by: chanjin-lee --- .../hierarchicalroles/RoleHierarchyUtils.java | 14 +++++++------- .../security/access/package-info.java | 5 ++--- .../AuthenticationTrustResolver.java | 2 +- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java index 1b77aef1650..0bcb3695ee6 100644 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java @@ -36,14 +36,14 @@ private RoleHierarchyUtils() { /** * Converts the supplied {@link Map} of role name to implied role name(s) to a string - * representation understood by {@code RoleHierarchyImpl#setHierarchy(String)}. The - * map key is the role name and the map value is a {@link List} of implied role - * name(s). - * @param roleHierarchyMap the mapping(s) of role name to implied role name(s) + * representation understood by the role hierarchy parser. + * The map key is the role name and the map value is a {@link List} of implied role name(s). + * * @param roleHierarchyMap the mapping(s) of role name to implied role name(s) * @return a string representation of a role hierarchy - * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role - * name is null or empty or if an implied role name(s) is null or empty - * @deprecated please see {@code RoleHierarchyImpl#setHierarchy} deprecation notice + * @throws IllegalArgumentException if roleHierarchyMap is null or empty, or if a role + * name/implied role name is null or empty + * @deprecated Use {@link RoleHierarchyImpl#fromHierarchy(String)} or the builder-based + * approach instead of this manual conversion. */ @Deprecated public static String roleHierarchyFromMap(Map> roleHierarchyMap) { diff --git a/core/src/main/java/org/springframework/security/access/package-info.java b/core/src/main/java/org/springframework/security/access/package-info.java index d9b0f81f0df..2a830aa20c7 100644 --- a/core/src/main/java/org/springframework/security/access/package-info.java +++ b/core/src/main/java/org/springframework/security/access/package-info.java @@ -16,9 +16,8 @@ /** * Core access-control related code, including security metadata related classes, - * interception code, access control annotations, EL support and voter-based - * implementations of the central - * {@code AccessDecisionManager} + * interception code, access control annotations, EL support, and implementations + * of the central {@link org.springframework.security.authorization.AuthorizationManager AuthorizationManager} * interface. */ @NullMarked diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java index e16eb59fa30..7a33ba11ab4 100644 --- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java +++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java @@ -77,7 +77,7 @@ default boolean isFullyAuthenticated(@Nullable Authentication authentication) { * Checks if the {@link Authentication} is not null, authenticated, and not anonymous. * @param authentication the {@link Authentication} to check. * @return true if the {@link Authentication} is not null, - * {@link #isAnonymous(Authentication)} returns false, and + * {@link #isAnonymous(Authentication)} returns false and * {@link Authentication#isAuthenticated()} is true. * @since 6.1.7 */ From c009e9f79f18ed6803c1d02b2ff322ccefa0ee14 Mon Sep 17 00:00:00 2001 From: Robert Winch <362503+rwinch@users.noreply.github.com> Date: Wed, 21 Jan 2026 15:54:02 -0600 Subject: [PATCH 3/3] Run ./gradlew foramt Fixes formatting for gh-18516 --- .../access/hierarchicalroles/RoleHierarchyUtils.java | 10 +++++----- .../springframework/security/access/package-info.java | 6 +++--- .../security/core/SpringSecurityCoreVersion.java | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java index 0bcb3695ee6..375b1993cec 100644 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java @@ -36,14 +36,14 @@ private RoleHierarchyUtils() { /** * Converts the supplied {@link Map} of role name to implied role name(s) to a string - * representation understood by the role hierarchy parser. - * The map key is the role name and the map value is a {@link List} of implied role name(s). - * * @param roleHierarchyMap the mapping(s) of role name to implied role name(s) + * representation understood by the role hierarchy parser. The map key is the role + * name and the map value is a {@link List} of implied role name(s). * @param + * roleHierarchyMap the mapping(s) of role name to implied role name(s) * @return a string representation of a role hierarchy * @throws IllegalArgumentException if roleHierarchyMap is null or empty, or if a role * name/implied role name is null or empty - * @deprecated Use {@link RoleHierarchyImpl#fromHierarchy(String)} or the builder-based - * approach instead of this manual conversion. + * @deprecated Use {@link RoleHierarchyImpl#fromHierarchy(String)} or the + * builder-based approach instead of this manual conversion. */ @Deprecated public static String roleHierarchyFromMap(Map> roleHierarchyMap) { diff --git a/core/src/main/java/org/springframework/security/access/package-info.java b/core/src/main/java/org/springframework/security/access/package-info.java index 2a830aa20c7..83a3f7f0f03 100644 --- a/core/src/main/java/org/springframework/security/access/package-info.java +++ b/core/src/main/java/org/springframework/security/access/package-info.java @@ -16,9 +16,9 @@ /** * Core access-control related code, including security metadata related classes, - * interception code, access control annotations, EL support, and implementations - * of the central {@link org.springframework.security.authorization.AuthorizationManager AuthorizationManager} - * interface. + * interception code, access control annotations, EL support, and implementations of the + * central {@link org.springframework.security.authorization.AuthorizationManager + * AuthorizationManager} interface. */ @NullMarked package org.springframework.security.access; diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java index ec93a6bcda3..5e2405aeafb 100644 --- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java +++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java @@ -41,8 +41,8 @@ public final class SpringSecurityCoreVersion { /** * Global Serialization value for Spring Security classes. - * @deprecated Please have each class use its own serialization version - * For more details, refer to the {@code SpringSecurityCoreVersionSerializableTests} class. + * @deprecated Please have each class use its own serialization version For more + * details, refer to the {@code SpringSecurityCoreVersionSerializableTests} class. */ @Deprecated(forRemoval = true) public static final long SERIAL_VERSION_UID = 620L;