SEC-3056 - Fix JavaDoc errors.

Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.

Author: thomasdarimont

acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java

@@ -83,14 +83,14 @@
  * Alternatively, you could have used a common superclass or interface for the
  * {@link #processDomainObjectClass} if both <code>BankAccount</code> and
  * <code>Customer</code> had common parents.
- * </p>
+ *
  * <p>
  * If the principal does not have sufficient permissions, the voter will vote to deny
  * access.
- * </p>
+ *
  * <p>
  * All comparisons and prefixes are case sensitive.
- * </p>
+ *
  *
  * @author Ben Alex
  */

config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java

@@ -58,7 +58,7 @@ public B and() {
 	 * Gets the {@link SecurityBuilder}. Cannot be null.
 	 *
 	 * @return the {@link SecurityBuilder}
-	 * @throw {@link IllegalStateException} if {@link SecurityBuilder} is null
+	 * @throws IllegalStateException if {@link SecurityBuilder} is null
 	 */
 	protected final B getBuilder() {
 		if (securityBuilder == null) {

config/src/main/java/org/springframework/security/config/annotation/authentication/ProviderManagerBuilder.java

@@ -36,9 +36,10 @@ public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> ext
 	 * customizations must be done externally and the {@link ProviderManagerBuilder} is
 	 * returned immediately.
 	 *
+	 * Note that an Exception is thrown if an error occurs when adding the {@link AuthenticationProvider}.
+	 *
 	 * @return a {@link ProviderManagerBuilder} to allow further authentication to be
 	 * provided to the {@link ProviderManagerBuilder}
-	 * @throws Exception if an error occurs when adding the {@link AuthenticationProvider}
 	 */
 	B authenticationProvider(AuthenticationProvider authenticationProvider);
 }

config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java

@@ -61,7 +61,7 @@ public class AuthenticationManagerBuilder
 
 	/**
 	 * Creates a new instance
-	 * @param the {@link ObjectPostProcessor} instance to use.
+	 * @param objectPostProcessor the {@link ObjectPostProcessor} instance to use.
 	 */
 	public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
 		super(objectPostProcessor, true);
@@ -196,7 +196,6 @@ public <T extends UserDetailsService> DaoAuthenticationConfigurer<Authentication
 	 * <p>
 	 * This method <b>does NOT</b> ensure that a {@link UserDetailsService} is available
 	 * for the {@link #getDefaultUserDetailsService()} method.
-	 * </p>
 	 *
 	 * @return a {@link LdapAuthenticationProviderConfigurer} to allow customization of
 	 * the LDAP authentication
@@ -216,11 +215,11 @@ public LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAu
 	 * <p>
 	 * This method <b>does NOT</b> ensure that the {@link UserDetailsService} is available
 	 * for the {@link #getDefaultUserDetailsService()} method.
-	 * </p>
+	 *
+	 * Note that an {@link Exception} might be thrown if an error occurs when adding the {@link AuthenticationProvider}.
 	 *
 	 * @return a {@link AuthenticationManagerBuilder} to allow further authentication to
 	 * be provided to the {@link AuthenticationManagerBuilder}
-	 * @throws Exception if an error occurs when adding the {@link AuthenticationProvider}
 	 */
 	public AuthenticationManagerBuilder authenticationProvider(
 			AuthenticationProvider authenticationProvider) {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java

@@ -27,7 +27,7 @@
  * to have in memory authentication. It also allows easily adding users to the in memory
  * authentication.
  *
- * @param <B> the type of the {@link SecurityBuilder} that is being configured
+ * @param <B> the type of the {@link ProviderManagerBuilder} that is being configured
  *
  * @author Rob Winch
  * @since 3.2

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/JdbcUserDetailsManagerConfigurer.java

@@ -38,7 +38,6 @@
  * <p>
  * The only required method is the {@link #dataSource(javax.sql.DataSource)} all other
  * methods have reasonable defaults.
- * </p>
  *
  * @param <B> the type of the {@link ProviderManagerBuilder} that is being configured
  *
@@ -82,7 +81,7 @@ public JdbcUserDetailsManagerConfigurer<B> dataSource(DataSource dataSource)
 	 * </code>
 	 * @param query The query to use for selecting the username, password, and if the user
 	 * is enabled by username. Must contain a single parameter for the username.
-	 * @return The {@link JdbcUserDetailsManagerRegistry} used for additional
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
 	 * customizations
 	 * @throws Exception
 	 */
@@ -102,7 +101,7 @@ public JdbcUserDetailsManagerConfigurer<B> usersByUsernameQuery(String query)
 	 *
 	 * @param query The query to use for selecting the username, authority by username.
 	 * Must contain a single parameter for the username.
-	 * @return The {@link JdbcUserDetailsManagerRegistry} used for additional
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
 	 * customizations
 	 * @throws Exception
 	 */
@@ -126,7 +125,7 @@ public JdbcUserDetailsManagerConfigurer<B> authoritiesByUsernameQuery(String que
 	 *
 	 * @param query The query to use for selecting the authorities by group. Must contain
 	 * a single parameter for the username.
-	 * @return The {@link JdbcUserDetailsManagerRegistry} used for additional
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
 	 * customizations
 	 * @throws Exception
 	 */
@@ -181,7 +180,7 @@ public JdbcUserDetailsManager getUserDetailsService() {
 	/**
 	 * Populates the default schema that allows users and authorities to be stored.
 	 *
-	 * @return The {@link JdbcUserDetailsManagerRegistry} used for additional
+	 * @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
 	 * customizations
 	 */
 	public JdbcUserDetailsManagerConfigurer<B> withDefaultSchema() {

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java

@@ -80,9 +80,6 @@ public final UserDetailsBuilder withUser(String username) {
 	/**
 	 * Builds the user to be added. At minimum the username, password, and authorities
 	 * should provided. The remaining attributes have reasonable defaults.
-	 *
-	 * @param <T> the type of {@link UserDetailsManagerConfigurer} to return for chaining
-	 * methods.
 	 */
 	public class UserDetailsBuilder {
 		private String username;
@@ -103,11 +100,10 @@ private UserDetailsBuilder(C builder) {
 		}
 
 		/**
-		 * Returns the {@link UserDetailsManagerRegistry} for method chaining (i.e. to add
+		 * Returns the {@link UserDetailsManagerConfigurer} for method chaining (i.e. to add
 		 * another user)
 		 *
-		 * @return the {@link UserDetailsManagerRegistry} for method chaining (i.e. to add
-		 * another user)
+		 * @return the {@link UserDetailsManagerConfigurer} for method chaining
 		 */
 		public C and() {
 			return builder;

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/UserDetailsServiceConfigurer.java

@@ -27,8 +27,8 @@
  * @author Rob Winch
  * @since 3.2
  *
- * @param <B> the type of the {@link SecurityBuilder}
- * @param <C> the {@link SecurityConfigurer} (or this)
+ * @param <B> the type of the {@link ProviderManagerBuilder}
+ * @param <C> the {@link UserDetailsServiceConfigurer} (or this)
  * @param <U> the type of UserDetailsService being used to allow for returning the
  * concrete UserDetailsService.
  */

config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java

@@ -29,9 +29,8 @@
 
 /**
  * <p>
- * Enables Spring Security global method security similar to the <global-method-security>
+ * Enables Spring Security global method security similar to the &lt;global-method-security&gt;
  * xml support.
- * </p>
  *
  * <p>
  * More advanced configurations may wish to extend

config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java

@@ -142,11 +142,11 @@ <C extends SecurityConfigurer<DefaultSecurityFilterChain, H>> C removeConfigurer
 	 * <li>{@link LogoutFilter}</li>
 	 * <li>{@link X509AuthenticationFilter}</li>
 	 * <li>{@link AbstractPreAuthenticatedProcessingFilter}</li>
-	 * <li>{@link org.springframework.security.cas.web.CasAuthenticationFilter}</li>
+	 * <li><a href="{@docRoot}/org/springframework/security/cas/web/CasAuthenticationFilter.html">CasAuthenticationFilter</a></li>
 	 * <li>{@link UsernamePasswordAuthenticationFilter}</li>
 	 * <li>{@link ConcurrentSessionFilter}</li>
 	 * <li>{@link OpenIDAuthenticationFilter}</li>
-	 * <li>{@link DefaultLoginPageGeneratingFilter}</li>
+	 * <li>{@link org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter}</li>
 	 * <li>{@link ConcurrentSessionFilter}</li>
 	 * <li>{@link DigestAuthenticationFilter}</li>
 	 * <li>{@link BasicAuthenticationFilter}</li>

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -71,7 +71,7 @@
 import org.springframework.util.Assert;
 
 /**
- * A {@link HttpSecurity} is similar to Spring Security's XML <http> element in the
+ * A {@link HttpSecurity} is similar to Spring Security's XML &lt;http&gt; element in the
  * namespace configuration. It allows configuring web based security for specific http
  * requests. By default it will be applied to all requests, but can be restricted using
  * {@link #requestMatcher(RequestMatcher)} or other similar methods.
@@ -283,7 +283,7 @@ public OpenIDLoginConfigurer<HttpSecurity> openidLogin() throws Exception {
 	 *
 	 * @return
 	 * @throws Exception
-	 * @see {@link HeadersConfigurer}
+	 * @see HeadersConfigurer
 	 */
 	public HeadersConfigurer<HttpSecurity> headers() throws Exception {
 		return getOrApply(new HeadersConfigurer<HttpSecurity>());
@@ -326,8 +326,8 @@ public HeadersConfigurer<HttpSecurity> headers() throws Exception {
 	 *
 	 * <pre>
 	 * &lt;listener&gt;
-	 *      &ltlistener-class&gt;org.springframework.security.web.session.HttpSessionEventPublisher&lt;/listener-class&gt;
-	 * &lt/listener>
+	 *      &lt;listener-class&gt;org.springframework.security.web.session.HttpSessionEventPublisher&lt;/listener-class&gt;
+	 * &lt;/listener&gt;
 	 * </pre>
 	 *
 	 * Alternatively,
@@ -378,7 +378,7 @@ public SessionManagementConfigurer<HttpSecurity> sessionManagement() throws Exce
 	 *
 	 * @return the {@link PortMapperConfigurer} for further customizations
 	 * @throws Exception
-	 * @see {@link #requiresChannel()}
+	 * @see #requiresChannel()
 	 */
 	public PortMapperConfigurer<HttpSecurity> portMapper() throws Exception {
 		return getOrApply(new PortMapperConfigurer<HttpSecurity>());
@@ -716,7 +716,7 @@ public LogoutConfigurer<HttpSecurity> logout() throws Exception {
 	 * {@link org.springframework.security.authentication.AnonymousAuthenticationToken}
 	 * and contain the role "ROLE_ANONYMOUS".
 	 *
-	 * <h2>Example Configuration</h2
+	 * <h2>Example Configuration</h2>
 	 *
 	 * The following configuration demonstrates how to specify that anonymous users should
 	 * contain the role "ROLE_ANON" instead.
@@ -908,6 +908,10 @@ public HttpBasicConfigurer<HttpSecurity> httpBasic() throws Exception {
 		return getOrApply(new HttpBasicConfigurer<HttpSecurity>());
 	}
 
+	public <C> void setSharedObject(Class<C> sharedType, C object) {
+		super.setSharedObject(sharedType, object);
+	}
+
 	@Override
 	protected void beforeConfigure() throws Exception {
 		setSharedObject(AuthenticationManager.class, getAuthenticationRegistry().build());

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java

@@ -29,7 +29,7 @@
 /**
  * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
  * integration. This configuration is added whenever {@link EnableWebMvc} is added by
- * {@link SpringWebMvcImportSelector} and the DispatcherServlet is present on the
+ * <a href="{@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and the DispatcherServlet is present on the
  * classpath. It also adds the {@link AuthenticationPrincipalArgumentResolver} as a
  * {@link HandlerMethodArgumentResolver}.
  *

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -262,7 +262,7 @@ protected AuthenticationManager authenticationManager() throws Exception {
 	 * {@link #userDetailsService()} instead
 	 * @return
 	 * @throws Exception
-	 * @see {@link #userDetailsService()}
+	 * @see #userDetailsService()
 	 */
 	public UserDetailsService userDetailsServiceBean() throws Exception {
 		AuthenticationManagerBuilder globalAuthBuilder = context
@@ -273,7 +273,7 @@ public UserDetailsService userDetailsServiceBean() throws Exception {
 
 	/**
 	 * Allows modifying and accessing the {@link UserDetailsService} from
-	 * {@link #userDetailsServiceBean()()} without interacting with the
+	 * {@link #userDetailsServiceBean()} without interacting with the
 	 * {@link ApplicationContext}. Developers should override this method when changing
 	 * the instance of {@link #userDetailsServiceBean()}.
 	 *

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java

@@ -178,8 +178,8 @@ public final T permitAll() {
 	}
 
 	/**
-	 * Ensures the urls for {@link #failureUrl(String)} and
-	 * {@link #authenticationUrls(String)} are granted access to any user.
+	 * Ensures the urls for {@link #failureUrl(String)} as well as for the {@link HttpSecurityBuilder}, the
+	 * {@link #getLoginPage} and {@link #getLoginProcessingUrl} are granted access to any user.
 	 *
 	 * @param permitAll true to grant access to the URLs false to skip this step
 	 * @return the {@link FormLoginConfigurer} for additional customization

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java

@@ -51,7 +51,7 @@
  *
  * <ul>
  * <li>
- * {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#getAuthenticationManager()}
+ * {@link AuthenticationManager}
  * </li>
  * </ul>
  *
@@ -115,7 +115,7 @@ abstract class AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegist
 
 		/**
 		 * Allows setting the {@link AccessDecisionManager}. If none is provided, a
-		 * default {@l AccessDecisionManager} is created.
+		 * default {@link AccessDecisionManager} is created.
 		 *
 		 * @param accessDecisionManager the {@link AccessDecisionManager} to use
 		 * @return the {@link AbstractInterceptUrlConfigurer} for further customization
@@ -162,7 +162,7 @@ private AccessDecisionManager createDefaultAccessDecisionManager(H http) {
 
 	/**
 	 * If currently null, creates a default {@link AccessDecisionManager} using
-	 * {@link #createDefaultAccessDecisionManager()}. Otherwise returns the
+	 * {@link #createDefaultAccessDecisionManager(HttpSecurityBuilder)}. Otherwise returns the
 	 * {@link AccessDecisionManager}.
 	 *
 	 * @param http the builder to use

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurer.java

@@ -84,7 +84,7 @@ public ExceptionHandlingConfigurer() {
 	 * @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401)
 	 * @return the {@link ExceptionHandlingConfigurer} for further customization
 	 * @see AccessDeniedHandlerImpl
-	 * @see {@link #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)}
+	 * @see #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)
 	 */
 	public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) {
 		AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java

@@ -70,7 +70,7 @@
  *
  * @author Rob Winch
  * @since 3.2
- * @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()}
+ * @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
  */
 public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		extends
@@ -339,7 +339,7 @@ public ExpressionInterceptUrlRegistry anonymous() {
 		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
-		 * @see {@link RememberMeConfigurer}
+		 * @see RememberMeConfigurer
 		 */
 		public ExpressionInterceptUrlRegistry rememberMe() {
 			return access(rememberMe);
@@ -371,7 +371,7 @@ public ExpressionInterceptUrlRegistry authenticated() {
 		 *
 		 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
 		 * customization
-		 * @see {@link RememberMeConfigurer}
+		 * @see RememberMeConfigurer
 		 */
 		public ExpressionInterceptUrlRegistry fullyAuthenticated() {
 			return access(fullyAuthenticated);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java

@@ -53,7 +53,7 @@
  * The following shared objects are used:
  *
  * <ul>
- * <li>{@link AuthenticationManager}</li>
+ * <li>{@link org.springframework.security.authentication.AuthenticationManager}</li>
  * <li>{@link RememberMeServices} - is optionally used. See {@link RememberMeConfigurer}</li>
  * <li>{@link SessionAuthenticationStrategy} - is optionally used. See
  * {@link SessionManagementConfigurer}</li>

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java

@@ -186,7 +186,7 @@ public XXssConfig block(boolean enabled) {
 		 * X-XSS-Protection: 1
 		 * </pre>
 		 *
-		 * or if {@link #setBlock(boolean)} is true
+		 * or if {@link XXssProtectionHeaderWriter#setBlock(boolean)} of the given {@link XXssProtectionHeaderWriter} is true
 		 *
 		 *
 		 * <pre>

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java

@@ -83,7 +83,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
 	/**
 	 * Creates a new instance
 	 * @throws Exception
-	 * @see {@link HttpSecurity#httpBasic()}
+	 * @see HttpSecurity#httpBasic()
 	 */
 	public HttpBasicConfigurer() throws Exception {
 		realmName(DEFAULT_REALM);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java

@@ -187,7 +187,7 @@ public JeeConfigurer<H> j2eePreAuthenticatedProcessingFilter(
 	 * Populates a {@link PreAuthenticatedAuthenticationProvider} into
 	 * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)}
 	 * and a {@link Http403ForbiddenEntryPoint} into
-	 * {@link HttpSecurity#authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)}
+	 * {@link HttpSecurityBuilder#setSharedObject(Class, Object)}
 	 *
 	 * @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder)
 	 */

config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java

@@ -35,7 +35,7 @@
 
 /**
  * Adds logout support. Other {@link SecurityConfigurer} instances may invoke
- * {@link #addLogoutHandler(LogoutHandler)} in the {@link #init(HttpSecurity)} phase.
+ * {@link #addLogoutHandler(LogoutHandler)} in the {@link #init(HttpSecurityBuilder)} phase.
  *
  * <h2>Security Filters</h2>
  *

config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java

@@ -199,7 +199,7 @@ public OpenIDLoginConfigurer<H> authenticationUserDetailsService(
 	 * {@link HttpServletRequest} matches this URL the {@link OpenIDAuthenticationFilter}
 	 * will attempt to authenticate the request. The default is "/login/openid".
 	 *
-	 * @param loginUrl the URL used to perform authentication
+	 * @param loginProcessingUrl the URL used to perform authentication
 	 * @return the {@link OpenIDLoginConfigurer} for additional customization
 	 */
 	public OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl) {