spring-projects · limvik · Jul 7, 2023 · Jul 9, 2023 · Jul 9, 2023 · Jul 9, 2023
diff --git a/.../org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java b/.../org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -127,11 +127,7 @@ final class FilterOrderRegistration {
 	 * @param position the position to associate with the {@link Filter}
 	 */
 	void put(Class<? extends Filter> filter, int position) {
-		String className = filter.getName();
-		if (this.filterToOrder.containsKey(className)) {
-			return;
-		}
-		this.filterToOrder.put(className, position);
+		this.filterToOrder.putIfAbsent(filter.getName(), position);
 	}
 
 	/**

diff --git a/...rc/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/...rc/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@@ -68,14 +68,14 @@ public Collection<GrantedAuthority> getAuthorities() {
 
 	@Override
 	public String getName() {
-		if (this.getPrincipal() instanceof UserDetails) {
-			return ((UserDetails) this.getPrincipal()).getUsername();
+		if (this.getPrincipal() instanceof UserDetails userDetails) {
+			return userDetails.getUsername();
 		}
-		if (this.getPrincipal() instanceof AuthenticatedPrincipal) {
-			return ((AuthenticatedPrincipal) this.getPrincipal()).getName();
+		if (this.getPrincipal() instanceof AuthenticatedPrincipal authenticatedPrincipal) {
+			return authenticatedPrincipal.getName();
 		}
-		if (this.getPrincipal() instanceof Principal) {
-			return ((Principal) this.getPrincipal()).getName();
+		if (this.getPrincipal() instanceof Principal principal) {
+			return principal.getName();
 		}
 		return (this.getPrincipal() == null) ? "" : this.getPrincipal().toString();
 	}
@@ -119,10 +119,9 @@ private void eraseSecret(Object secret) {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (!(obj instanceof AbstractAuthenticationToken)) {
+		if (!(obj instanceof AbstractAuthenticationToken test)) {
 			return false;
 		}
-		AbstractAuthenticationToken test = (AbstractAuthenticationToken) obj;
 		if (!this.authorities.equals(test.authorities)) {
 			return false;
 		}

diff --git a/...c/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java b/...c/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
@@ -74,8 +74,7 @@ public boolean equals(Object obj) {
 		if (!super.equals(obj)) {
 			return false;
 		}
-		if (obj instanceof AnonymousAuthenticationToken) {
-			AnonymousAuthenticationToken test = (AnonymousAuthenticationToken) obj;
+		if (obj instanceof AnonymousAuthenticationToken test) {
 			return (this.getKeyHash() == test.getKeyHash());
 		}
 		return false;

diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
@@ -206,7 +206,7 @@ public boolean isObserveOncePerRequest() {
 
 	/**
 	 * Sets whether this filter apply only once per request. By default, this is
-	 * <code>false</code>, meaning the filter will execute on every request. Sometimes
+	 * <code>true</code>, meaning the filter will only execute once per request. Sometimes
 	 * users may wish it to execute more than once per request, such as when JSP forwards
 	 * are being used and filter security is desired on each included fragment of the HTTP
 	 * request.
@@ -218,8 +218,7 @@ public void setObserveOncePerRequest(boolean observeOncePerRequest) {
 	}
 
 	/**
-	 * If set to true, the filter will be applied to error dispatcher. Defaults to
-	 * {@code true}.
+	 * If set to true, the filter will be applied to error dispatcher. Defaults to false.
 	 * @param filterErrorDispatch whether the filter should be applied to error dispatcher
 	 */
 	public void setFilterErrorDispatch(boolean filterErrorDispatch) {
@@ -228,7 +227,7 @@ public void setFilterErrorDispatch(boolean filterErrorDispatch) {
 
 	/**
 	 * If set to true, the filter will be applied to the async dispatcher. Defaults to
-	 * {@code true}.
+	 * false.
 	 * @param filterAsyncDispatch whether the filter should be applied to async dispatch
 	 */
 	public void setFilterAsyncDispatch(boolean filterAsyncDispatch) {

diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2022 the original author or authors.
+ * Copyright 2010-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -127,10 +127,9 @@ protected Subject obtainSubject(ServletRequest request) {
 		if (!authentication.isAuthenticated()) {
 			return null;
 		}
-		if (!(authentication instanceof JaasAuthenticationToken)) {
+		if (!(authentication instanceof JaasAuthenticationToken token)) {
 			return null;
 		}
-		JaasAuthenticationToken token = (JaasAuthenticationToken) authentication;
 		LoginContext loginContext = token.getLoginContext();
 		if (loginContext == null) {
 			return null;