spring-security/etc/checkstyle/checkstyle-suppressions.xml

<?xml version="1.0"?>
<!DOCTYPE suppressions PUBLIC
		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
<suppressions>
	<suppress files=".*" checks="JavadocMethod" />
	<suppress files=".*" checks="JavadocStyle" />
	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
	<suppress files=".*" checks="JavadocType" />
	<suppress files=".*" checks="JavadocVariable" />
	<suppress files=".*" checks="NonEmptyAtclauseDescription" />
	<suppress files=".*" checks="SpringJavadoc" />

	<!-- Ignore third-party code -->
	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>
	<suppress files="org[\\/]springframework[\\/]security[\\/]core[\\/]ComparableVersion\.java" checks=".*"/>

	<!-- Suppress sun.misc.Unsafe in this class (we should eventually remove its usage but it is unrelated to nullability imports) -->
	<suppress files="StaticFinalReflectionUtils\.java" checks="IllegalImport" id="bannedNullabilityImports"/>

	<!-- Method Visibility that we can't reduce -->
	<suppress files="AbstractAclVoterTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="AnnotationParameterNameDiscovererTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="AnnotationSecurityAspectTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="AuthenticationPrincipalArgumentResolverTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="ELRequestMatcherContext\.java" checks="SpringMethodVisibility"/>
	<suppress files="EnableWebFluxSecurityTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="ExpressionBasedPreInvocationAdviceTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="Jsr250MethodSecurityMetadataSourceTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="JdbcOAuth2AuthorizationService\.java" checks="SpringMethodVisibility"/>
	<suppress files="MapBasedMethodSecurityMetadataSourceTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="OAuth2ResourceServerBeanDefinitionParserTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="ObjectIdentityImplTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="ObjectIdentityRetrievalStrategyImplTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="ProtectPointcutPostProcessor\.java" checks="SpringMethodVisibility"/>
	<suppress files="ReactiveMethodSecurityConfigurationTests" checks="SpringMethodVisibility"/>
	<suppress files="WebSocketMessageBrokerConfigTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="WebSecurityConfigurationTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="WithSecurityContextTestExecutionListenerTests\.java" checks="SpringMethodVisibility"/>
	<suppress files="JoseHeader\.java" checks="SpringMethodVisibility"/>
	<suppress files="AbstractOAuth2AuthorizationCodeRequestAuthenticationToken\.java" checks="SpringMethodVisibility"/>
	<suppress files="DefaultLoginPageGeneratingFilterTests\.java" checks="SpringLeadingWhitespace"/>
	<suppress files="AuthenticationException\.java" checks="MutableException"/>
	<suppress files="FilterInvocationExpressionRoot\.java" checks="SpringMethodVisibility"/>

	<!-- Lambdas that we can't replace with a method reference because a closure is required -->
	<suppress files="BearerTokenAuthenticationFilter\.java" checks="SpringLambda"/>

	<!-- CSS content -->
	<suppress files="CssUtils\.java" checks="SpringLeadingWhitespace"/>

	<!-- Ignore String.toUpperCase() and String.toLowerCase() checks in tests -->
	<suppress files="[\\/]src[\\/]test[\\/]" checks="RegexpSinglelineJava" id="toLowerCaseWithoutLocale"/>
	<suppress files="[\\/]src[\\/]test[\\/]" checks="RegexpSinglelineJava" id="toUpperCaseWithoutLocale"/>

	<!-- Suppress @NullMarked check for all files that are NOT package-info.java -->
	<suppress files=".*(?&lt;!package-info)\.java$" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>

	<!-- Suppress package-info.java and @NullMarked checks for test sources -->
	<suppress files="[\\/]src[\\/]test[\\/]" checks="JavadocPackage"/>
	<suppress files="[\\/]src[\\/]test[\\/].*package-info\.java$" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>

	<!-- Suppress package-info.java and @NullMarked checks for integration test sources -->
	<suppress files="[\\/]src[\\/]integration-test[\\/]" checks="JavadocPackage"/>
	<suppress files="[\\/]src[\\/]integration-test[\\/].*package-info\.java$" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>

	<!-- Suppress package-info.java and @NullMarked checks for test fixture sources -->
	<suppress files="[\\/]src[\\/]testFixtures[\\/]" checks="JavadocPackage"/>
	<suppress files="[\\/]src[\\/]testFixtures[\\/].*package-info\.java$" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>

	<!-- Suppress nullability checks for modules that don't have JSpecify nullability applied yet -->
	<suppress files="access[\\/]" checks="IllegalImport" id="bannedNullabilityImports"/>
	<suppress files="access[\\/]" checks="JavadocPackage"/>
	<suppress files="access[\\/].*package-info\.java" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>
	<suppress files="aspects[\\/]" checks="IllegalImport" id="bannedNullabilityImports"/>
	<suppress files="aspects[\\/]" checks="JavadocPackage"/>
	<suppress files="aspects[\\/].*package-info\.java" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>
	<suppress files="config[\\/]" checks="IllegalImport" id="bannedNullabilityImports"/>
	<suppress files="config[\\/]" checks="JavadocPackage"/>
	<suppress files="config[\\/].*package-info\.java" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>
	<suppress files="itest[\\/]" checks="IllegalImport" id="bannedNullabilityImports"/>
	<suppress files="itest[\\/]" checks="JavadocPackage"/>
	<suppress files="itest[\\/].*package-info\.java" checks="RegexpMultiline" id="requireNullMarkedInPackageInfo"/>
	<suppress files="saml2[\\/]saml2-service-provider[\\/]" checks="JavadocPackage"/>
</suppressions>