apache · lprimak · Feb 10, 2025 · Feb 9, 2025
diff --git a/core/src/main/java/org/apache/shiro/authc/credential/CredentialsMatcher.java b/core/src/main/java/org/apache/shiro/authc/credential/CredentialsMatcher.java
@@ -33,8 +33,6 @@
  *
  * @see SimpleCredentialsMatcher
  * @see AllowAllCredentialsMatcher
- * @see Md5CredentialsMatcher
- * @see Sha1CredentialsMatcher
  * @since 0.1
  */
 public interface CredentialsMatcher {

diff --git a/core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java b/core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java
@@ -49,7 +49,7 @@
  * <h2>Salting and Multiple Hash Iterations</h2>
  * Because simple hashing is usually not good enough for secure applications, this class also supports 'salting'
  * and multiple hash iterations.  Please read this excellent
- * <a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a> to learn about
+ * <a href="http://www.owasp.org/index.php/Hashing_Java">Hashing Java article</a> to learn about
  * salting and multiple iterations and why you might want to use them. (Note of sections 5
  * &quot;Why add salt?&quot; and 6 "Hardening against the attacker's attack").</p>
  * <h4>Real World Case Study</h4>
@@ -100,9 +100,8 @@
  * <h3>Multiple Hash Iterations</h3>
  * If you hash your users' credentials multiple times before persisting to the data store, you will also need to
  * set this class's {@link #setHashIterations(int) hashIterations} property.  See the
- * <a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a>'s
- * <a href="http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack">
- * &quot;Hardening against the attacker's attack&quot;</a> section to learn more about why you might want to use
+ * <a href="https://web.archive.org/web/20140329025341/http://www.owasp.org/index.php/Hashing_Java">Hashing Java article</a>'s
+ * &quot;Hardening against the attacker's attack&quot; section to learn more about why you might want to use
  * multiple hash iterations.
  * <h2>MD5 &amp; SHA-1 Notice</h2>
  * <a href="http://en.wikipedia.org/wiki/MD5">MD5</a> and

diff --git a/core/src/main/java/org/apache/shiro/authz/AuthorizationInfo.java b/core/src/main/java/org/apache/shiro/authz/AuthorizationInfo.java
@@ -26,7 +26,7 @@
  * used during authorization (access control) checks only.
  * <p/>
  * Roles are represented as a <code>Collection</code> of Strings
- * ({@link java.util.Collection Collection}<{@link String String}>), typically each element being the Role name.
+ * ({@link java.util.Collection Collection}&lt;{@link String String}&gt;), typically each element being the Role name.
  * <p/>
  * {@link Permission Permission}s are provided in two ways:
  * <ul>

diff --git a/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java b/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java
@@ -91,10 +91,10 @@ public void setRealms(Collection<Realm> realms) {
     }
 
     /**
-     * Returns the PermissionResolver to be used on <em>all</em> configured realms, or <code>null</code (the default)
+     * Returns the PermissionResolver to be used on <em>all</em> configured realms, or <code>null</code> (the default)
      * if all realm instances will each configure their own permission resolver.
      *
-     * @return the PermissionResolver to be used on <em>all</em> configured realms, or <code>null</code (the default)
+     * @return the PermissionResolver to be used on <em>all</em> configured realms, or <code>null</code> (the default)
      * if realm instances will each configure their own permission resolver.
      * @since 1.0
      */
@@ -145,10 +145,10 @@ protected void applyPermissionResolverToRealms() {
     }
 
     /**
-     * Returns the RolePermissionResolver to be used on <em>all</em> configured realms, or <code>null</code (the default)
+     * Returns the RolePermissionResolver to be used on <em>all</em> configured realms, or <code>null</code> (the default)
      * if all realm instances will each configure their own permission resolver.
      *
-     * @return the RolePermissionResolver to be used on <em>all</em> configured realms, or <code>null</code (the default)
+     * @return the RolePermissionResolver to be used on <em>all</em> configured realms, or <code>null</code> (the default)
      * if realm instances will each configure their own role permission resolver.
      * @since 1.0
      */

diff --git a/core/src/main/java/org/apache/shiro/realm/ldap/LdapUtils.java b/core/src/main/java/org/apache/shiro/realm/ldap/LdapUtils.java
@@ -86,8 +86,8 @@ public static Collection<String> getAllAttributeValues(Attribute attr) throws Na
 
     /**
      * added based on SHIRO-127, per Emmanuel's comment [1]
-     * [1] <a href="https://issues.apache.org/jira/browse/SHIRO-127?focusedCommentId=12891380&"
-     * + "page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12891380" />
+     * [1] <a href="https://issues.apache.org/jira/browse/SHIRO-127?focusedCommentId=12891380
+     * &page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12891380">SHIRO-127</a>
      */
     public static void closeEnumeration(NamingEnumeration ne) {
         try {

diff --git a/core/src/main/java/org/apache/shiro/session/mgt/eis/SessionDAO.java b/core/src/main/java/org/apache/shiro/session/mgt/eis/SessionDAO.java
@@ -117,7 +117,7 @@ public interface SessionDAO {
      * return something similar to the results returned by this query (assuming
      * {@link org.apache.shiro.session.mgt.SimpleSession SimpleSession}s were being stored):
      * <pre>
-     * select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null
+     * select * from sessions s where s.lastAccessTimestamp &lt; ? and s.stopTimestamp is null
      * </pre>
      * where the {@code ?} parameter is a date instance equal to 'now' minus the session timeout
      * (e.g. now - 30 minutes).

diff --git a/core/src/main/java/org/apache/shiro/subject/Subject.java b/core/src/main/java/org/apache/shiro/subject/Subject.java
@@ -351,7 +351,7 @@ public interface Subject {
      * Although the underlying implementation determines exactly how this method functions, most implementations have
      * this method act as the logical equivalent to this code:
      * <pre>
-     * {@link #getPrincipal() getPrincipal()} != null && !{@link #isAuthenticated() isAuthenticated()}</pre>
+     * {@link #getPrincipal() getPrincipal()} != null &amp;&amp; !{@link #isAuthenticated() isAuthenticated()}</pre>
      * <p/>
      * Note as indicated by the above code example, if a {@code Subject} is remembered, they are
      * <em>NOT</em> considered authenticated.  A check against {@link #isAuthenticated() isAuthenticated()} is a more

diff --git a/core/src/main/java/org/apache/shiro/util/JavaEnvironment.java b/core/src/main/java/org/apache/shiro/util/JavaEnvironment.java
@@ -119,7 +119,7 @@ public static String getVersion() {
 
     /**
      * Get the major version code. This means we can do things like
-     * <code>if (getMajorVersion() < JAVA_14)</code>.
+     * <code>if (getMajorVersion() &lt; JAVA_14)</code>.
      *
      * @return a code comparable to the JAVA_XX codes in this class
      * @see #JAVA_13