Update javadoc and apply StringUtils#hasLength

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>

access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java

@@ -31,6 +31,7 @@ import org.jspecify.annotations.Nullable;
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
+import org.springframework.util.StringUtils;
 
 /**
  * Sources method security metadata from major JSR 250 security annotations.
@@ -108,7 +109,7 @@ public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSe
 		if (role == null) {
 			return role;
 		}
-		if (this.defaultRolePrefix == null || this.defaultRolePrefix.isEmpty()) {
+		if (!StringUtils.hasLength(this.defaultRolePrefix)) {
 			return role;
 		}
 		if (role.startsWith(this.defaultRolePrefix)) {

cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java

@@ -111,10 +111,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 */
 	private @Nullable String getQueryString(final HttpServletRequest request, final Pattern artifactPattern) {
 		final String query = request.getQueryString();
-		if (query == null) {
-			return null;
-		}
-		String result = artifactPattern.matcher(query).replaceFirst("");
+		String result = query == null ? "" : artifactPattern.matcher(query).replaceFirst("");
 		if (result.isEmpty()) {
 			return null;
 		}
@@ -127,8 +124,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 * {@link Pattern} to be reused for every instance of
 	 * {@link DefaultServiceAuthenticationDetails}.
 	 * @param artifactParameterName the artifactParameterName that is removed from the
-	 * current URL. The result becomes the service url. Cannot be null and cannot be an
-	 * empty String.
+	 * current URL. The result becomes the service url. Cannot be null or an empty String.
 	 * @return a {@link Pattern}
 	 */
 	static Pattern createArtifactPattern(String artifactParameterName) {

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java

@@ -30,6 +30,7 @@ import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.DefaultAuthorizationManagerFactory;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.util.function.SingletonSupplier;
 
 /**

crypto/src/main/java/org/springframework/security/crypto/password/AbstractValidatingPasswordEncoder.java

@@ -18,6 +18,8 @@ package org.springframework.security.crypto.password;
 
 import org.jspecify.annotations.Nullable;
 
+import org.springframework.util.StringUtils;
+
 /**
  * Implementation of PasswordEncoder.
  *
@@ -38,20 +40,20 @@ public abstract class AbstractValidatingPasswordEncoder implements PasswordEncod
 
 	@Override
 	public final boolean matches(@Nullable CharSequence rawPassword, @Nullable String encodedPassword) {
-		if (rawPassword == null || rawPassword.isEmpty() || encodedPassword == null || encodedPassword.isEmpty()) {
-			return false;
+		if (StringUtils.hasLength(rawPassword) && StringUtils.hasLength(encodedPassword)) {
+			return matchesNonNull(rawPassword.toString(), encodedPassword);
 		}
-		return matchesNonNull(rawPassword.toString(), encodedPassword);
+		return false;
 	}
 
 	protected abstract boolean matchesNonNull(String rawPassword, String encodedPassword);
 
 	@Override
 	public final boolean upgradeEncoding(@Nullable String encodedPassword) {
-		if (encodedPassword == null || encodedPassword.isEmpty()) {
-			return false;
+		if (StringUtils.hasLength(encodedPassword)) {
+			return upgradeEncodingNonNull(encodedPassword);
 		}
-		return upgradeEncodingNonNull(encodedPassword);
+		return false;
 	}
 
 	protected boolean upgradeEncodingNonNull(String encodedPassword) {

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java

@@ -36,6 +36,7 @@ import org.jspecify.annotations.Nullable;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
 /**
@@ -322,7 +323,7 @@ public class DefaultSavedRequest implements SavedRequest {
 		if (matchingRequestParameterName == null) {
 			return queryString;
 		}
-		if (queryString == null || queryString.isEmpty()) {
+		if (!StringUtils.hasLength(queryString)) {
 			return matchingRequestParameterName;
 		}
 		return UriComponentsBuilder.newInstance()

web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.util;
 
+import org.springframework.util.StringUtils;
+
 /**
  * Internal utility for escaping characters in HTML strings.
  *
@@ -25,7 +27,7 @@ package org.springframework.security.web.util;
 public abstract class TextEscapeUtils {
 
 	public static String escapeEntities(String s) {
-		if (s == null || s.isEmpty()) {
+		if (!StringUtils.hasLength(s)) {
 			return s;
 		}
 		StringBuilder sb = new StringBuilder();