From dc27b51d0df895d90f52f86d54d78d46e0e27877 Mon Sep 17 00:00:00 2001
From: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
Date: Sat, 1 Nov 2025 14:02:08 +0700
Subject: [PATCH 1/2] Fix typos

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
---
 .../access/expression/EvaluationContextPostProcessor.java | 2 +-
 .../security/acls/domain/AclAuthorizationStrategy.java    | 2 +-
 .../security/acls/domain/GrantedAuthoritySid.java         | 2 +-
 .../security/acls/jdbc/JdbcAclService.java                | 2 +-
 .../security/acls/jdbc/JdbcMutableAclService.java         | 4 ++--
 .../security/cas/web/CasAuthenticationFilter.java         | 8 ++++----
 .../annotation/AbstractConfiguredSecurityBuilder.java     | 8 ++++----
 .../config/annotation/web/HttpSecurityBuilder.java        | 2 +-
 .../annotation/web/builders/FilterOrderRegistration.java  | 2 +-
 .../annotation/web/configurers/LogoutConfigurer.java      | 2 +-
 .../web/configurers/SessionManagementConfigurer.java      | 2 +-
 .../web/configurers/saml2/Saml2MetadataConfigurer.java    | 2 +-
 .../web/reactive/ServerHttpSecurityConfiguration.java     | 2 +-
 .../security/config/http/AuthenticationConfigBuilder.java | 6 +++---
 .../config/ldap/LdapServerBeanDefinitionParser.java       | 6 +++---
 .../configurers/AuthorizeHttpRequestsConfigurerTests.java | 2 +-
 .../access/expression/SecurityExpressionOperations.java   | 2 +-
 docs/modules/ROOT/pages/servlet/appendix/faq.adoc         | 2 +-
 docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc | 2 +-
 .../KerberosServiceAuthenticationProvider.java            | 2 +-
 .../kerberos/authentication/KerberosTicketValidator.java  | 2 +-
 .../SpnegoAuthenticationProcessingFilter.java             | 4 ++--
 .../messaging/util/matcher/PathPatternMessageMatcher.java | 8 ++++----
 .../security/saml2/core/Saml2X509Credential.java          | 2 +-
 .../request/SecurityMockMvcRequestPostProcessors.java     | 4 ++--
 .../access/expression/EvaluationContextPostProcessor.java | 2 +-
 .../websphere/DefaultWASUsernameAndGroupsExtractor.java   | 6 +++---
 .../rememberme/RememberMeAuthenticationFilter.java        | 4 ++--
 .../security/web/csrf/HttpSessionCsrfTokenRepository.java | 2 +-
 .../security/web/firewall/StrictHttpFirewall.java         | 6 +++---
 .../web/header/writers/PermissionsPolicyHeaderWriter.java | 2 +-
 .../writers/frameoptions/RegExpAllowFromStrategy.java     | 2 +-
 .../security/web/savedrequest/FastHttpDateFormat.java     | 2 +-
 .../server/authentication/AuthenticationWebFilter.java    | 4 ++--
 .../servlet/util/matcher/PathPatternRequestMatcher.java   | 8 ++++----
 .../security/web/util/ThrowableAnalyzer.java              | 3 +--
 .../org/springframework/security/web/util/UrlUtils.java   | 2 +-
 .../web/session/HttpSessionEventPublisherTests.java       | 4 ++--
 .../security/web/webauthn/api/CredentialRecord.java       | 2 +-
 .../security/web/webauthn/api/PublicKeyCredential.java    | 2 +-
 .../webauthn/api/PublicKeyCredentialCreationOptions.java  | 2 +-
 .../security/web/webauthn/api/ResidentKeyRequirement.java | 2 +-
 42 files changed, 68 insertions(+), 69 deletions(-)

diff --git a/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java b/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
index cadca0aab1d..31f89de36d9 100644
--- a/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
+++ b/access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
@@ -39,7 +39,7 @@ interface EvaluationContextPostProcessor<I> {
 	 * that was passed in.
 	 * @param context the original {@link EvaluationContext}
 	 * @param invocation the security invocation object (i.e. Message)
-	 * @return the upated context.
+	 * @return the updated context.
 	 */
 	EvaluationContext postProcess(EvaluationContext context, I invocation);
 
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
index fa243b0fcf7..cd908d2432c 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
@@ -20,7 +20,7 @@
 
 /**
  * Strategy used by {@link AclImpl} to determine whether a principal is permitted to call
- * adminstrative methods on the <code>AclImpl</code>.
+ * administrative methods on the <code>AclImpl</code>.
  *
  * @author Ben Alex
  */
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
index 73c1dc0366d..a72d690cf5e 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
@@ -42,7 +42,7 @@ public GrantedAuthoritySid(String grantedAuthority) {
 	public GrantedAuthoritySid(GrantedAuthority grantedAuthority) {
 		Assert.notNull(grantedAuthority, "GrantedAuthority required");
 		Assert.notNull(grantedAuthority.getAuthority(),
-				"This Sid is only compatible with GrantedAuthoritys that provide a non-null getAuthority()");
+				"This Sid is only compatible with GrantedAuthority that provide a non-null getAuthority()");
 		this.grantedAuthority = grantedAuthority.getAuthority();
 	}
 
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
index f8dbb687e66..69667c89337 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
@@ -160,7 +160,7 @@ public void setAclClassIdSupported(boolean aclClassIdSupported) {
 				this.findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL_WITH_CLASS_ID_TYPE;
 			}
 			else {
-				log.debug("Find children statement has already been overridden, so not overridding the default");
+				log.debug("Find children statement has already been overridden, so not overriding the default");
 			}
 		}
 	}
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
index 9b8eb5acbc2..9c22037dd9e 100644
--- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
+++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
@@ -50,7 +50,7 @@
  * The default settings are for HSQLDB. If you are using a different database you will
  * probably need to set the {@link #setSidIdentityQuery(String) sidIdentityQuery} and
  * {@link #setClassIdentityQuery(String) classIdentityQuery} properties appropriately. The
- * other queries, SQL inserts and updates can also be customized to accomodate schema
+ * other queries, SQL inserts and updates can also be customized to accommodate schema
  * variations, but must produce results consistent with those expected by the defaults.
  * <p>
  * See the appendix of the Spring Security reference manual for more information on the
@@ -471,7 +471,7 @@ public void setAclClassIdSupported(boolean aclClassIdSupported) {
 				this.insertClass = DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID;
 			}
 			else {
-				log.debug("Insert class statement has already been overridden, so not overridding the default");
+				log.debug("Insert class statement has already been overridden, so not overriding the default");
 			}
 		}
 	}
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 06623db874d..7df0846ea52 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -326,7 +326,7 @@ public final void setAuthenticationFailureHandler(AuthenticationFailureHandler f
 	/**
 	 * Use this {@code RequestMatcher} to match proxy receptor requests. Without setting
 	 * this matcher, {@link CasAuthenticationFilter} will not capture any proxy receptor
-	 * requets.
+	 * requests.
 	 * @param proxyReceptorMatcher the {@link RequestMatcher} to use
 	 * @since 6.5
 	 */
@@ -383,7 +383,7 @@ public final void setRequestCache(RequestCache requestCache) {
 	}
 
 	/**
-	 * Indicates if the request is elgible to process a service ticket. This method exists
+	 * Indicates if the request is eligible to process a service ticket. This method exists
 	 * for readability.
 	 * @param request
 	 * @param response
@@ -396,7 +396,7 @@ private boolean serviceTicketRequest(HttpServletRequest request, HttpServletResp
 	}
 
 	/**
-	 * Indicates if the request is elgible to process a proxy ticket.
+	 * Indicates if the request is eligible to process a proxy ticket.
 	 * @param request
 	 * @return
 	 */
@@ -419,7 +419,7 @@ private boolean authenticated() {
 	}
 
 	/**
-	 * Indicates if the request is elgible to be processed as the proxy receptor.
+	 * Indicates if the request is eligible to be processed as the proxy receptor.
 	 * @param request
 	 * @return
 	 */
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index 04046fea104..f96ea84080f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -177,7 +177,7 @@ public <C> void setSharedObject(Class<C> sharedType, C object) {
 	}
 
 	/**
-	 * Gets a shared Object. Note that object heirarchies are not considered.
+	 * Gets a shared Object. Note that object hierarchies are not considered.
 	 * @param sharedType the type of the shared Object
 	 * @return the shared Object or null if it is not found
 	 */
@@ -360,7 +360,7 @@ protected void beforeConfigure() {
 
 	/**
 	 * Subclasses must implement this method to build the object that is being returned.
-	 * @return the Object to be buit or null if the implementation allows it
+	 * @return the Object to be built or null if the implementation allows it
 	 */
 	protected abstract O performBuild();
 
@@ -414,12 +414,12 @@ private boolean isUnbuilt() {
 	private enum BuildState {
 
 		/**
-		 * This is the state before the {@link Builder#build()} is invoked
+		 * This is the state before the {@link SecurityBuilder#build()} is invoked
 		 */
 		UNBUILT(0),
 
 		/**
-		 * The state from when {@link Builder#build()} is first invoked until all the
+		 * The state from when {@link SecurityBuilder#build()} is first invoked until all the
 		 * {@link SecurityConfigurer#init(SecurityBuilder)} methods have been invoked.
 		 */
 		INITIALIZING(1),
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
index 633521b9109..89ff01fbcfb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java
@@ -82,7 +82,7 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>>
 	<C> void setSharedObject(Class<C> sharedType, C object);
 
 	/**
-	 * Gets a shared Object. Note that object heirarchies are not considered.
+	 * Gets a shared Object. Note that object hierarchies are not considered.
 	 * @param sharedType the type of the shared Object
 	 * @return the shared Object or null if it is not found
 	 */
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
index 063ced5e88b..cdfe5728bee 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
@@ -133,7 +133,7 @@ final class FilterOrderRegistration {
 	/**
 	 * Register a {@link Filter} with its specific position. If the {@link Filter} was
 	 * already registered before, the position previously defined is not going to be
-	 * overriden
+	 * overridden
 	 * @param filter the {@link Filter} to register
 	 * @param position the position to associate with the {@link Filter}
 	 */
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
index b70b0e19c54..f4e9cf6e9f8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -305,7 +305,7 @@ boolean isCustomLogoutSuccess() {
 	}
 
 	/**
-	 * Gets the logoutSuccesUrl or null if a
+	 * Gets the logoutSuccessUrl or null if a
 	 * {@link #logoutSuccessHandler(LogoutSuccessHandler)} was configured.
 	 * @return the logoutSuccessUrl
 	 */
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 4d004de46e7..8e75d47e89e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -146,7 +146,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 
 	/**
 	 * This should not use RequestAttributeSecurityContextRepository since that is
-	 * stateless and sesison management is about state management.
+	 * stateless and session management is about state management.
 	 */
 	private SecurityContextRepository sessionManagementSecurityContextRepository = new HttpSessionSecurityContextRepository();
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
index b53717d2003..00e13a15200 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
@@ -95,7 +95,7 @@ public Saml2MetadataConfigurer(ApplicationContext context) {
 	 * If there is no {@code registrationId} and your
 	 * {@link RelyingPartyRegistrationRepository} is {code Iterable}, the metadata
 	 * endpoint will try and show all relying parties' metadata in a single
-	 * {@code <md:EntitiesDecriptor} element.
+	 * {@code <md:EntitiesDescriptor} element.
 	 *
 	 * <p>
 	 * If you need a more sophisticated lookup strategy than these, use
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
index 1bff8f5dcb3..a68f357fe75 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -167,7 +167,7 @@ ServerHttpSecurity httpSecurity(ApplicationContext context) {
 	}
 
 	/**
-	 * Applies all {@code Custmizer<ServerHttpSecurity>} Beans to
+	 * Applies all {@code Customizer<ServerHttpSecurity>} Beans to
 	 * {@link ServerHttpSecurity}.
 	 * @param context the {@link ApplicationContext}
 	 * @param http the {@link ServerHttpSecurity}
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 0cc2af67792..f873b390877 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -538,7 +538,7 @@ void createX509Filter(BeanReference authManager,
 			}
 			injectAuthenticationDetailsSource(x509Elt, filterBuilder);
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
-			createPrauthEntryPoint(x509Elt);
+			createPreauthEntryPoint(x509Elt);
 			createX509Provider();
 		}
 		this.x509Filter = filter;
@@ -562,7 +562,7 @@ private void createX509Provider() {
 		this.x509ProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(provider));
 	}
 
-	private void createPrauthEntryPoint(Element source) {
+	private void createPreauthEntryPoint(Element source) {
 		if (this.preAuthEntryPoint == null) {
 			this.preAuthEntryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
 			this.preAuthEntryPoint.setSource(this.pc.extractSource(source));
@@ -595,7 +595,7 @@ void createJeeFilter(BeanReference authManager,
 			adsBldr.addPropertyValue("mappableRolesRetriever", mappableRolesRetriever);
 			filterBuilder.addPropertyValue("authenticationDetailsSource", adsBldr.getBeanDefinition());
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
-			createPrauthEntryPoint(jeeElt);
+			createPreauthEntryPoint(jeeElt);
 			createJeeProvider();
 		}
 		this.jeeFilter = filter;
diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
index 1316560fe92..74bc65e05da 100644
--- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -165,20 +165,20 @@ private RootBeanDefinition createEmbeddedServer(Element element, ParserContext p
 	}
 
 	private RootBeanDefinition getRootBeanDefinition(String mode) {
-		if (isUnboundidEnabled(mode)) {
+		if (isUnboundIdEnabled(mode)) {
 			return new RootBeanDefinition(UNBOUNDID_CONTAINER_CLASSNAME, null, null);
 		}
 		throw new IllegalStateException("Embedded LDAP server is not provided");
 	}
 
 	private String resolveBeanId(String mode) {
-		if (isUnboundidEnabled(mode)) {
+		if (isUnboundIdEnabled(mode)) {
 			return BeanIds.EMBEDDED_UNBOUNDID;
 		}
 		return null;
 	}
 
-	private boolean isUnboundidEnabled(String mode) {
+	private boolean isUnboundIdEnabled(String mode) {
 		return "unboundid".equals(mode) || unboundIdPresent;
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
index 159fe17656a..15fdd19522c 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
@@ -1340,7 +1340,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	static class ServletPathConfig {
 
 		@Bean
-		PathPatternRequestMatcherBuilderFactoryBean requesMatcherBuilder() {
+		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
 			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
 			bean.setBasePath("/spring");
 			return bean;
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
index f63f131585f..a40020722f4 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java
@@ -100,7 +100,7 @@ public interface SecurityExpressionOperations {
 	boolean isAnonymous();
 
 	/**
-	 * Determines ifthe {@link #getAuthentication()} is authenticated
+	 * Determines if the {@link #getAuthentication()} is authenticated
 	 * @return true if the {@link #getAuthentication()} is authenticated, else false
 	 */
 	boolean isAuthenticated();
diff --git a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc
index d05269049a1..f4766ad2a17 100644
--- a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc
+++ b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc
@@ -414,7 +414,7 @@ If you build your project with Maven, adding the appropriate Spring Security mod
 Any that are marked as "`optional`" in the Spring Security `pom.xml` files have to be added to your own `pom.xml` file if you need them.
 
 [[appendix-faq-unboundid-deps]]
-=== What dependences are needed to run an embedded UnboundID LDAP server?
+=== What dependencies are needed to run an embedded UnboundID LDAP server?
 
 You need to add the following dependency to your project:
 
diff --git a/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc b/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc
index 2d288f0a23e..964dde0e09e 100644
--- a/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc
+++ b/docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc
@@ -399,7 +399,7 @@ Second, each xref:#httpsecuritydsl-bean[HttpSecurityDsl.() -> Unit Beans] is app
 This means that if there are multiple `HttpSecurity.() -> Unit` Beans, the https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/core/annotation/Order.html[@Order] annotation can be added to the Bean definitions to control the ordering.
 
 Next, every xref:#top-level-dsl-bean[Top Level Security Dsl Beans] type is looked up and each is is applied using `ObjectProvider#orderedStream()`.
-If there is are differt types of top level security Beans (.e.g. `HeadersDsl.() -> Unit` and `HttpsRedirectDsl.() -> Unit`), then the order that each Dsl type is invoked is undefined.
+If there is are different types of top level security Beans (.e.g. `HeadersDsl.() -> Unit` and `HttpsRedirectDsl.() -> Unit`), then the order that each Dsl type is invoked is undefined.
 However, the order that each instance of of the same top level security Bean type is defined by `ObjectProvider#orderedStream()` and can be controlled using `@Order` on the Bean the definitions.
 
 Finally, the `HttpSecurityDsl` Bean is injected as a Bean.
diff --git a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java
index 229f23ba659..5bdb2b702a8 100644
--- a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java
+++ b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.java
@@ -39,7 +39,7 @@
  * It needs a <code>KerberosTicketValidator</code>, which contains the code to validate
  * the ticket, as this code is different between SUN and IBM JRE.<br>
  * It also needs an <code>UserDetailsService</code> to load the user properties and the
- * <code>GrantedAuthorities</code>, as we only get back the username from Kerbeos
+ * <code>GrantedAuthorities</code>, as we only get back the username from Kerberos
  * </p>
  *
  * You can see an example configuration in
diff --git a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java
index d9a9f6ad68f..468fa842b71 100644
--- a/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java
+++ b/kerberos/kerberos-core/src/main/java/org/springframework/security/kerberos/authentication/KerberosTicketValidator.java
@@ -31,7 +31,7 @@ public interface KerberosTicketValidator {
 
 	/**
 	 * Validates a Kerberos/SPNEGO ticket.
-	 * @param token Kerbeos/SPNEGO ticket
+	 * @param token Kerberos/SPNEGO ticket
 	 * @return authenticated kerberos principal
 	 * @throws BadCredentialsException if the ticket is not valid
 	 */
diff --git a/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java b/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java
index 018c0722ad4..0abfedec3b6 100644
--- a/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java
+++ b/kerberos/kerberos-web/src/main/java/org/springframework/security/kerberos/web/authentication/SpnegoAuthenticationProcessingFilter.java
@@ -76,7 +76,7 @@
  * &lt;/sec:authentication-manager&gt;
  *
  * &lt;bean id=&quot;kerberosServiceAuthenticationProvider&quot;
- * 	class=&quot;org.springframework.security.kerberos.authenitcation.KerberosServiceAuthenticationProvider&quot;&gt;
+ * 	class=&quot;org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider&quot;&gt;
  * 	&lt;property name=&quot;ticketValidator&quot;&gt;
  * 		&lt;bean class=&quot;org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator&quot;&gt;
  * 			&lt;property name=&quot;servicePrincipal&quot; value=&quot;HTTP/web.springsource.com&quot; /&gt;
@@ -103,7 +103,7 @@
  * <a href="https://bugs.sun.com/view_bug.do?bug_id=6851973">bug</a>.
  * </p>
  * <p>
- * A workaround unti this is fixed in the JVM is to change
+ * A workaround until this is fixed in the JVM is to change
  * </p>
  * HKEY_LOCAL_MACHINE\System \CurrentControlSet\Control\LSA\SuppressExtendedProtection to
  * 0x02
diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java
index b99bfad5f8f..567550a0244 100644
--- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java
@@ -134,9 +134,9 @@ public static class Builder {
 		 * The following are valid patterns and their meaning
 		 * <ul>
 		 * <li>{@code /path} - match exactly and only `/path`</li>
-		 * <li>{@code /path/**} - match `/path` and any of its descendents</li>
+		 * <li>{@code /path/**} - match `/path` and any of its descendants</li>
 		 * <li>{@code /path/{value}/**} - match `/path/subdirectory` and any of its
-		 * descendents, capturing the value of the subdirectory in
+		 * descendants, capturing the value of the subdirectory in
 		 * {@link MessageAuthorizationContext#getVariables()}</li>
 		 * </ul>
 		 *
@@ -169,9 +169,9 @@ public PathPatternMessageMatcher matcher(String pattern) {
 		 * The following are valid patterns and their meaning
 		 * <ul>
 		 * <li>{@code /path} - match exactly and only `/path`</li>
-		 * <li>{@code /path/**} - match `/path` and any of its descendents</li>
+		 * <li>{@code /path/**} - match `/path` and any of its descendants</li>
 		 * <li>{@code /path/{value}/**} - match `/path/subdirectory` and any of its
-		 * descendents, capturing the value of the subdirectory in
+		 * descendants, capturing the value of the subdirectory in
 		 * {@link MessageAuthorizationContext#getVariables()}</li>
 		 * </ul>
 		 *
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 7eb083ca18a..b768189fc21 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -48,7 +48,7 @@ public final class Saml2X509Credential implements Serializable {
 
 	/**
 	 * Creates a {@link Saml2X509Credential} using the provided parameters
-	 * @param certificate the credential's public certificiate
+	 * @param certificate the credential's public certificate
 	 * @param types the credential's intended usages, must be one of
 	 * {@link Saml2X509CredentialType#VERIFICATION} or
 	 * {@link Saml2X509CredentialType#ENCRYPTION} or both.
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index d6ac8d9f0bb..110e496e48f 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -148,7 +148,7 @@ public static DigestRequestPostProcessor digest(String username) {
 
 	/**
 	 * Populates the provided X509Certificate instances on the request.
-	 * @param certificates the X509Certificate instances to pouplate
+	 * @param certificates the X509Certificate instances to populate
 	 * @return the
 	 * {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
 	 */
@@ -157,7 +157,7 @@ public static RequestPostProcessor x509(X509Certificate... certificates) {
 	}
 
 	/**
-	 * Finds an X509Cetificate using a resoureName and populates it on the request.
+	 * Finds an X509Certificate using a resourceName and populates it on the request.
 	 * @param resourceName the name of the X509Certificate resource
 	 * @return the
 	 * {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
index 75524587952..55d91cdb07a 100644
--- a/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/EvaluationContextPostProcessor.java
@@ -38,7 +38,7 @@ interface EvaluationContextPostProcessor<I> {
 	 * that was passed in.
 	 * @param context the original {@link EvaluationContext}
 	 * @param invocation the security invocation object (i.e. FilterInvocation)
-	 * @return the upated context.
+	 * @return the updated context.
 	 */
 	EvaluationContext postProcess(EvaluationContext context, I invocation);
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
index 7d97500b6f7..f67dfd53d28 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java
@@ -133,8 +133,8 @@ private static List<String> getWebSphereGroups(final @Nullable String securityNa
 			return new ArrayList<>(groups);
 		}
 		catch (Exception ex) {
-			logger.error("Exception occured while looking up groups for user", ex);
-			throw new RuntimeException("Exception occured while looking up groups for user", ex);
+			logger.error("Exception occurred while looking up groups for user", ex);
+			throw new RuntimeException("Exception occurred while looking up groups for user", ex);
 		}
 		finally {
 			closeContext(context);
@@ -148,7 +148,7 @@ private static void closeContext(@Nullable Context context) {
 			}
 		}
 		catch (NamingException ex) {
-			logger.debug("Exception occured while closing context", ex);
+			logger.debug("Exception occurred while closing context", ex);
 		}
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
index 49ad13b8810..d54bfc0bbb6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilter.java
@@ -164,7 +164,7 @@ protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServle
 	 * Called if the {@code AuthenticationManager} rejects the authentication object
 	 * returned from the {@code RememberMeServices} {@code autoLogin} method. This method
 	 * will not be called when no remember-me token is present in the request and
-	 * {@code autoLogin} reurns null.
+	 * {@code autoLogin} returns {@code null}.
 	 */
 	protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException failed) {
@@ -184,7 +184,7 @@ public void setApplicationEventPublisher(ApplicationEventPublisher eventPublishe
 	 * successfully authenticated. By default, the filter will just allow the current
 	 * request to proceed, but if an {@code AuthenticationSuccessHandler} is set, it will
 	 * be invoked and the {@code doFilter()} method will return immediately, thus allowing
-	 * the application to redirect the user to a specific URL, regardless of whatthe
+	 * the application to redirect the user to a specific URL, regardless of what the
 	 * original request was for.
 	 * @param successHandler the strategy to invoke immediately before returning from
 	 * {@code doFilter()}.
diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
index 834c455b5c8..6907cd69593 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java
@@ -100,7 +100,7 @@ public void setHeaderName(String headerName) {
 	 * @param sessionAttributeName the new attribute name to use
 	 */
 	public void setSessionAttributeName(String sessionAttributeName) {
-		Assert.hasLength(sessionAttributeName, "sessionAttributename cannot be null or empty");
+		Assert.hasLength(sessionAttributeName, "sessionAttributeName cannot be null or empty");
 		this.sessionAttributeName = sessionAttributeName;
 	}
 
diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
index b1bcd907fc0..89a556d398c 100644
--- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java
@@ -799,17 +799,17 @@ public Map<String, String[]> getParameterMap() {
 
 		@Override
 		public Enumeration<String> getParameterNames() {
-			Enumeration<String> paramaterNames = super.getParameterNames();
+			Enumeration<String> parameterNames = super.getParameterNames();
 			return new Enumeration<>() {
 
 				@Override
 				public boolean hasMoreElements() {
-					return paramaterNames.hasMoreElements();
+					return parameterNames.hasMoreElements();
 				}
 
 				@Override
 				public String nextElement() {
-					String name = paramaterNames.nextElement();
+					String name = parameterNames.nextElement();
 					validateAllowedParameterName(name);
 					return name;
 				}
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java
index a6dab3bdb4f..cae663c8b58 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriter.java
@@ -25,7 +25,7 @@
 
 /**
  * Provides support for
- * <a href="https://w3c.github.io/webappsec-permissions-policy//">Permisisons Policy</a>.
+ * <a href="https://w3c.github.io/webappsec-permissions-policy//">Permissions Policy</a>.
  * <p>
  * Permissions Policy allows web developers to selectively enable, disable, and modify the
  * behavior of certain APIs and web features in the browser.
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
index a3dd7788439..51fbf2e2bc6 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
@@ -23,7 +23,7 @@
 /**
  * Implementation which uses a regular expression to validate the supplied origin. If the
  * value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM
- * &lt;paramter-value&gt;.
+ * &lt;parameter-value&gt;.
  *
  * @author Marten Deinum
  * @since 3.2
diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
index 9c0d0dbf230..cf035183871 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/FastHttpDateFormat.java
@@ -141,7 +141,7 @@ public static String formatDate(long value, DateFormat threadLocalformat) {
 	 * Parses date with given formatters.
 	 * @param value The string to parse
 	 * @param formats Array of formats to use
-	 * @return Parsed date (or <code>null</code> if no formatter mached)
+	 * @return Parsed date (or <code>null</code> if no formatter matched)
 	 */
 	private static @Nullable Long internalParseDate(String value, DateFormat[] formats) {
 		Date date = null;
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
index 528ab64d54c..9ed78a46f53 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
@@ -126,14 +126,14 @@ private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain
 			.flatMap((authenticationManager) -> authenticationManager.authenticate(token))
 			.switchIfEmpty(Mono
 				.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
-			.flatMap(this::applyCurrentAuthenication)
+			.flatMap(this::applyCurrentAuthentication)
 			.flatMap(
 					(authentication) -> onAuthenticationSuccess(authentication, new WebFilterExchange(exchange, chain)))
 			.doOnError(AuthenticationException.class,
 					(ex) -> logger.debug(LogMessage.format("Authentication failed: %s", ex.getMessage()), ex));
 	}
 
-	private Mono<Authentication> applyCurrentAuthenication(Authentication result) {
+	private Mono<Authentication> applyCurrentAuthentication(Authentication result) {
 		return ReactiveSecurityContextHolder.getContext().map((context) -> {
 			Authentication current = context.getAuthentication();
 			if (current == null) {
diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java
index c7a2b45bcfe..6b13beb9242 100644
--- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java
@@ -268,9 +268,9 @@ public Builder basePath(String basePath) {
 		 * The following are valid patterns and their meaning
 		 * <ul>
 		 * <li>{@code /path} - match exactly and only `/path`</li>
-		 * <li>{@code /path/**} - match `/path` and any of its descendents</li>
+		 * <li>{@code /path/**} - match `/path` and any of its descendants</li>
 		 * <li>{@code /path/{value}/**} - match `/path/subdirectory` and any of its
-		 * descendents, capturing the value of the subdirectory in
+		 * descendants, capturing the value of the subdirectory in
 		 * {@link RequestAuthorizationContext#getVariables()}</li>
 		 * </ul>
 		 *
@@ -303,9 +303,9 @@ public PathPatternRequestMatcher matcher(String path) {
 		 * The following are valid patterns and their meaning
 		 * <ul>
 		 * <li>{@code /path} - match exactly and only `/path`</li>
-		 * <li>{@code /path/**} - match `/path` and any of its descendents</li>
+		 * <li>{@code /path/**} - match `/path` and any of its descendants</li>
 		 * <li>{@code /path/{value}/**} - match `/path/subdirectory` and any of its
-		 * descendents, capturing the value of the subdirectory in
+		 * descendants, capturing the value of the subdirectory in
 		 * {@link RequestAuthorizationContext#getVariables()}</li>
 		 * </ul>
 		 *
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 72d788924e0..700d97a7117 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -72,8 +72,7 @@ public class ThrowableAnalyzer {
 	};
 
 	/**
-	 * Map of registered cause extractors. key: Class&lt;Throwable&gt;; value:
-	 * ThrowableCauseExctractor
+	 * Map of registered cause extractors. key: Class&lt;Throwable&gt;; value: ThrowableCauseExtractor
 	 */
 	private final Map<Class<? extends Throwable>, ThrowableCauseExtractor> extractorMap;
 
diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
index 099caea7a56..2298a51b480 100644
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@@ -87,7 +87,7 @@ else if ("https".equals(scheme)) {
 	 * (SEC-1255). This method is typically used to return a URL for matching against
 	 * secured paths, hence the decoded form is used in preference to the requestURI for
 	 * building the returned value. But this method may also be called using dummy request
-	 * objects which just have the requestURI and contextPatth set, for example, so it
+	 * objects which just have the requestURI and contextPath set, for example, so it
 	 * will fall back to using those.
 	 * @return the decoded URL, excluding any server name, context path or servlet path
 	 *
diff --git a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
index 61dc404e849..03b95a2e00b 100644
--- a/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/HttpSessionEventPublisherTests.java
@@ -38,7 +38,7 @@ public class HttpSessionEventPublisherTests {
 	 * It's not that complicated so we'll just run it straight through here.
 	 */
 	@Test
-	public void publishedEventIsReceivedbyListener() {
+	public void publishedEventIsReceivedByListener() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
 		MockServletContext servletContext = new MockServletContext();
@@ -66,7 +66,7 @@ public void publishedEventIsReceivedbyListener() {
 	}
 
 	@Test
-	public void publishedEventIsReceivedbyListenerChildContext() {
+	public void publishedEventIsReceivedByListenerChildContext() {
 		HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
 		MockServletContext servletContext = new MockServletContext();
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java
index 21c769b17cf..7611e5f06c6 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/CredentialRecord.java
@@ -71,7 +71,7 @@ public interface CredentialRecord {
 
 	/**
 	 * The <a href=
-	 * "https://www.w3.org/TR/webauthn-3/#abstract-opdef-credential-record-transports">transpots</a>
+	 * "https://www.w3.org/TR/webauthn-3/#abstract-opdef-credential-record-transports">transports</a>
 	 * is the value returned from {@code response.getTransports()}.
 	 * @return
 	 */
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
index 438a169d1f2..fa8cc99663d 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
@@ -203,7 +203,7 @@ public PublicKeyCredentialBuilder response(R response) {
 
 		/**
 		 * Sets the {@link #getAuthenticatorAttachment()} property.
-		 * @param authenticatorAttachment the authenticator attachement
+		 * @param authenticatorAttachment the authenticator attachment
 		 * @return the PublicKeyCredentialBuilder
 		 */
 		public PublicKeyCredentialBuilder authenticatorAttachment(AuthenticatorAttachment authenticatorAttachment) {
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java
index 5e5c0ccacbf..0bba299b394 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java
@@ -105,7 +105,7 @@ public Bytes getChallenge() {
 	/**
 	 * The <a href=
 	 * "https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialcreationoptions-pubkeycredparams">publicKeyCredParams</a>
-	 * params lisst the key types and signature algorithms the Relying Party Supports,
+	 * params list the key types and signature algorithms the Relying Party Supports,
 	 * ordered from most preferred to least preferred.
 	 * @return the public key credential parameters
 	 */
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java
index 370c3b6a935..b3f9f216a09 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java
@@ -19,7 +19,7 @@
 /**
  * The <a href=
  * "https://www.w3.org/TR/webauthn-3/#enumdef-residentkeyrequirement">ResidentKeyRequirement</a>
- * describes the Relying Partys requirements for client-side discoverable credentials.
+ * describes the Relying Party requirements for client-side discoverable credentials.
  *
  * @author Rob Winch
  * @since 6.4

From 30be7402b2710953535ec9c08aa55380e8da36a9 Mon Sep 17 00:00:00 2001
From: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
Date: Sat, 1 Nov 2025 14:16:22 +0700
Subject: [PATCH 2/2] Format code

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
---
 .../security/cas/web/CasAuthenticationFilter.java             | 4 ++--
 .../config/annotation/AbstractConfiguredSecurityBuilder.java  | 4 ++--
 .../springframework/security/web/util/ThrowableAnalyzer.java  | 3 ++-
 .../java/org/springframework/security/web/util/UrlUtils.java  | 4 ++--
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 7df0846ea52..9d4d3ce99ce 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -383,8 +383,8 @@ public final void setRequestCache(RequestCache requestCache) {
 	}
 
 	/**
-	 * Indicates if the request is eligible to process a service ticket. This method exists
-	 * for readability.
+	 * Indicates if the request is eligible to process a service ticket. This method
+	 * exists for readability.
 	 * @param request
 	 * @param response
 	 * @return
diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
index f96ea84080f..527eb84759f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -419,8 +419,8 @@ private enum BuildState {
 		UNBUILT(0),
 
 		/**
-		 * The state from when {@link SecurityBuilder#build()} is first invoked until all the
-		 * {@link SecurityConfigurer#init(SecurityBuilder)} methods have been invoked.
+		 * The state from when {@link SecurityBuilder#build()} is first invoked until all
+		 * the {@link SecurityConfigurer#init(SecurityBuilder)} methods have been invoked.
 		 */
 		INITIALIZING(1),
 
diff --git a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
index 700d97a7117..576e24d8b2d 100755
--- a/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
+++ b/web/src/main/java/org/springframework/security/web/util/ThrowableAnalyzer.java
@@ -72,7 +72,8 @@ public class ThrowableAnalyzer {
 	};
 
 	/**
-	 * Map of registered cause extractors. key: Class&lt;Throwable&gt;; value: ThrowableCauseExtractor
+	 * Map of registered cause extractors. key: Class&lt;Throwable&gt;; value:
+	 * ThrowableCauseExtractor
 	 */
 	private final Map<Class<? extends Throwable>, ThrowableCauseExtractor> extractorMap;
 
diff --git a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
index 2298a51b480..926872a0d1b 100644
--- a/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
+++ b/web/src/main/java/org/springframework/security/web/util/UrlUtils.java
@@ -87,8 +87,8 @@ else if ("https".equals(scheme)) {
 	 * (SEC-1255). This method is typically used to return a URL for matching against
 	 * secured paths, hence the decoded form is used in preference to the requestURI for
 	 * building the returned value. But this method may also be called using dummy request
-	 * objects which just have the requestURI and contextPath set, for example, so it
-	 * will fall back to using those.
+	 * objects which just have the requestURI and contextPath set, for example, so it will
+	 * fall back to using those.
 	 * @return the decoded URL, excluding any server name, context path or servlet path
 	 *
 	 */