Make classes final where possible

Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945

Author: philwebb

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java

@@ -550,7 +550,7 @@ public void testProcessingCustomSid() {
 	 */
 	private class CustomJdbcMutableAclService extends JdbcMutableAclService {
 
-		private CustomJdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
+		CustomJdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
 			super(dataSource, lookupStrategy, aclCache);
 		}
 

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/UserDetailsManagerConfigurer.java

@@ -104,7 +104,7 @@ public final UserDetailsBuilder withUser(String username) {
 	 * Builds the user to be added. At minimum the username, password, and authorities
 	 * should provided. The remaining attributes have reasonable defaults.
 	 */
-	public class UserDetailsBuilder {
+	public final class UserDetailsBuilder {
 
 		private UserBuilder user;
 

config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java

@@ -164,7 +164,7 @@ public RSocketSecurity simpleAuthentication(Customizer<SimpleAuthenticationSpec>
 	/**
 	 * @since 5.3
 	 */
-	public class SimpleAuthenticationSpec {
+	public final class SimpleAuthenticationSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -208,7 +208,7 @@ public RSocketSecurity basicAuthentication(Customizer<BasicAuthenticationSpec> b
 		return this;
 	}
 
-	public class BasicAuthenticationSpec {
+	public final class BasicAuthenticationSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -244,7 +244,7 @@ public RSocketSecurity jwt(Customizer<JwtSpec> jwt) {
 		return this;
 	}
 
-	public class JwtSpec {
+	public final class JwtSpec {
 
 		private ReactiveAuthenticationManager authenticationManager;
 
@@ -370,7 +370,7 @@ public Access matcher(PayloadExchangeMatcher matcher) {
 			return new Access(matcher);
 		}
 
-		public class Access {
+		public final class Access {
 
 			private final PayloadExchangeMatcher matcher;
 

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -2942,10 +2942,7 @@ public class RequestMatcherConfigurer extends AbstractRequestMatcherRegistry<Req
 
 		protected List<RequestMatcher> matchers = new ArrayList<>();
 
-		/**
-		 * @param context
-		 */
-		private RequestMatcherConfigurer(ApplicationContext context) {
+		RequestMatcherConfigurer(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 

config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java

@@ -337,7 +337,7 @@ public IgnoredRequestConfigurer servletPath(String servletPath) {
 	 */
 	public class IgnoredRequestConfigurer extends AbstractRequestMatcherRegistry<IgnoredRequestConfigurer> {
 
-		private IgnoredRequestConfigurer(ApplicationContext context) {
+		IgnoredRequestConfigurer(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java

@@ -220,7 +220,7 @@ public class RequiresChannelUrl {
 
 		protected List<? extends RequestMatcher> requestMatchers;
 
-		private RequiresChannelUrl(List<? extends RequestMatcher> requestMatchers) {
+		RequiresChannelUrl(List<? extends RequestMatcher> requestMatchers) {
 			this.requestMatchers = requestMatchers;
 		}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java

@@ -303,8 +303,8 @@ private AccessDeniedHandler createAccessDeniedHandler(H http) {
 	 * @since 5.2
 	 */
 	private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
-		if (sessionAuthenticationStrategy != null) {
-			return sessionAuthenticationStrategy;
+		if (this.sessionAuthenticationStrategy != null) {
+			return this.sessionAuthenticationStrategy;
 		}
 		else {
 			return new CsrfAuthenticationStrategy(this.csrfTokenRepository);
@@ -321,10 +321,7 @@ private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
 	 */
 	private class IgnoreCsrfProtectionRegistry extends AbstractRequestMatcherRegistry<IgnoreCsrfProtectionRegistry> {
 
-		/**
-		 * @param context
-		 */
-		private IgnoreCsrfProtectionRegistry(ApplicationContext context) {
+		IgnoreCsrfProtectionRegistry(ApplicationContext context) {
 			setApplicationContext(context);
 		}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java

@@ -109,7 +109,7 @@ public ExpressionInterceptUrlRegistry getRegistry() {
 		return REGISTRY;
 	}
 
-	public class ExpressionInterceptUrlRegistry extends
+	public final class ExpressionInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<ExpressionInterceptUrlRegistry, AuthorizedUrl> {
 
 		/**
@@ -130,7 +130,7 @@ public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
 		}
 
 		@Override
-		protected final AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
+		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new AuthorizedUrl(requestMatchers);
 		}
 
@@ -267,7 +267,7 @@ private static String hasIpAddress(String ipAddressExpression) {
 	 *
 	 * @author Rob Winch
 	 */
-	public class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
+	public final class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
 
 		/**
 		 * Creates a new instance
@@ -296,7 +296,7 @@ public class AuthorizedUrl {
 		 * Creates a new instance
 		 * @param requestMatchers the {@link RequestMatcher} instances to map
 		 */
-		private AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
+		AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
 			this.requestMatchers = requestMatchers;
 		}
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java

@@ -113,7 +113,7 @@ public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor
 		return this;
 	}
 
-	public class StandardInterceptUrlRegistry extends
+	public final class StandardInterceptUrlRegistry extends
 			ExpressionUrlAuthorizationConfigurer<H>.AbstractInterceptUrlRegistry<StandardInterceptUrlRegistry, AuthorizedUrl> {
 
 		/**
@@ -134,7 +134,7 @@ public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
 		}
 
 		@Override
-		protected final AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
+		protected AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers) {
 			return new AuthorizedUrl(requestMatchers);
 		}
 
@@ -275,7 +275,7 @@ public class AuthorizedUrl {
 		 * @param requestMatchers the {@link RequestMatcher} instances to map to some
 		 * {@link ConfigAttribute} instances.
 		 */
-		private AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
+		AuthorizedUrl(List<? extends RequestMatcher> requestMatchers) {
 			Assert.notEmpty(requestMatchers, "requestMatchers must contain at least one value");
 			this.requestMatchers = requestMatchers;
 		}

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java

@@ -154,7 +154,7 @@ public OAuth2ClientConfigurer<B> authorizationCodeGrant(
 	/**
 	 * Configuration options for the OAuth 2.0 Authorization Code Grant.
 	 */
-	public class AuthorizationCodeGrantConfigurer {
+	public final class AuthorizationCodeGrantConfigurer {
 
 		private OAuth2AuthorizationRequestResolver authorizationRequestResolver;