Checkstyle Fixes

- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394

Author: rwinch

cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java

@@ -40,9 +40,9 @@
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java

@@ -37,9 +37,9 @@
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java

@@ -47,9 +47,9 @@
  * </pre>
  *
  * @author Jitendra Singh
+ * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
- * @since 4.2
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE,

config/src/main/java/org/springframework/security/config/Customizer.java

@@ -19,8 +19,8 @@
 /**
  * Callback interface that accepts a single input argument and returns no result.
  *
- * @author Eleftheria Stein
  * @param <T> the type of the input to the operation
+ * @author Eleftheria Stein
  * @since 5.2
  */
 @FunctionalInterface

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/GlobalAuthenticationConfigurerAdapter.java

@@ -27,8 +27,8 @@
  * {@link AuthenticationConfiguration} to configure the global
  * {@link AuthenticationManagerBuilder}.
  *
- * @since 5.0
  * @author Rob Winch
+ * @since 5.0
  */
 @Order(100)
 public abstract class GlobalAuthenticationConfigurerAdapter

config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java

@@ -30,10 +30,10 @@
  * class is not intended to be imported manually rather it is imported automatically when
  * using {@link EnableWebSecurity} or {@link EnableGlobalMethodSecurity}.
  *
- * @see EnableWebSecurity
- * @see EnableGlobalMethodSecurity
  * @author Rob Winch
  * @since 3.2
+ * @see EnableWebSecurity
+ * @see EnableGlobalMethodSecurity
  */
 @Configuration(proxyBeanMethods = false)
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java

@@ -60,11 +60,11 @@
  * {@link WebSecurityConfigurer} and exposing it as a {@link Configuration}. This
  * configuration is imported when using {@link EnableWebSecurity}.
  *
- * @see EnableWebSecurity
- * @see WebSecurity
  * @author Rob Winch
  * @author Keesun Baik
  * @since 3.2
+ * @see EnableWebSecurity
+ * @see WebSecurity
  */
 @Configuration(proxyBeanMethods = false)
 public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -87,8 +87,8 @@
  * org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = sample.MyClassThatExtendsAbstractHttpConfigurer, sample.OtherThatExtendsAbstractHttpConfigurer
  * </pre>
  *
- * @see EnableWebSecurity
  * @author Rob Winch
+ * @see EnableWebSecurity
  */
 @Order(100)
 public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java

@@ -490,8 +490,8 @@ public HeadersConfigurer<H> referrerPolicy(Customizer<ReferrerPolicyConfig> refe
 	 * @return the {@link FeaturePolicyConfig} for additional configuration
 	 * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
 	 * @since 5.1
-	 * @see FeaturePolicyHeaderWriter
 	 * @deprecated Use {@link #permissionsPolicy(Customizer)} instead.
+	 * @seeObjectPostProcessorConfiguration FeaturePolicyHeaderWriter
 	 */
 	@Deprecated
 	public FeaturePolicyConfig featurePolicy(String policyDirectives) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/ImplicitGrantConfigurer.java

@@ -49,15 +49,15 @@
  * <li>{@link ClientRegistrationRepository}</li>
  * </ul>
  *
+ * @author Joe Grandja
+ * @since 5.0
+ * @see OAuth2AuthorizationRequestRedirectFilter
+ * @see ClientRegistrationRepository
  * @deprecated It is not recommended to use the implicit flow due to the inherent risks of
  * returning access tokens in an HTTP redirect without any confirmation that it has been
  * received by the client. See reference
  * <a target="_blank" href="https://oauth.net/2/grant-types/implicit/">OAuth 2.0 Implicit
  * Grant</a>.
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2AuthorizationRequestRedirectFilter
- * @see ClientRegistrationRepository
  */
 @Deprecated
 public final class ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>>