[SHIRO-805] Spelling

* account
* against
* and
* application
* authentication
* authorization
* authorizer
* automatically
* axes
* both
* build
* case
* consistent
* contains
* control
* controls
* created
* deauthenticating
* defaults
* defined
* delimited
* delimiter
* deserialized
* deserializes
* e.g.
* efficient
* encapsulate
* encryption
* environment
* et al.
* etc.
* evaluate
* evaluator
* exception
* explicitly
* false
* filters
* from
* hash format
* hashed
* hierarchy
* i.e.
* identifier
* identifying
* immediately
* implementation
* implementers
* inferring
* injectable
* iterator
* join point
* manner
* modifier
* nonexistent
* obtained
* overridden
* password
* performing
* permission
* permissions
* preemptively
* recognized
* reget
* remnant
* request
* required
* resolvable
* returned
* safely
* session
* subsequent
* successfully
* type
* undertow
* usually
* wield

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

.jenkins.groovy

@@ -40,7 +40,7 @@ pipeline {
                                 'jdk_11_latest', 'adopt_hs_11_latest', 'adopt_j9_11_latest',
                                 'jdk_16_latest', 'adopt_hs_16_latest', 'adopt_j9_16_latest'
                     }
-                    // Additional axess, like OS and maven version can be configured here.
+                    // Additional axes, like OS and maven version can be configured here.
                 }
 
                 agent {
@@ -159,7 +159,7 @@ Check console output at "<a href="${env.BUILD_URL}">${env.JOB_NAME} [${env.BRANC
                     // Send an email, if the last build was not successful and this one is.
                     success {
                         // Cleanup the build directory if the build was successful
-                        // (in this cae we probably don't have to do any post-build analysis)
+                        // (in this case we probably don't have to do any post-build analysis)
                         cleanWs()
                         script {
                             if (deployableBranch

RELEASE-NOTES

@@ -53,7 +53,7 @@ Bug
 
 Bug
 
-    [SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertown as web container
+    [SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
     [SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean
 
 New Feature
@@ -191,7 +191,7 @@ Test
 Task
 
     [SHIRO-690] - Validate JDK11 compatibility
-    [SHIRO-692] - Upgrade and enforce min buid maven version to 3.5.0
+    [SHIRO-692] - Upgrade and enforce min build maven version to 3.5.0
     [SHIRO-698] - Improve build with maven profile
     [SHIRO-734] - Remove Spring-client sample
     [SHIRO-735] - Shiro does not support servlet-3.1 void method(@Suspended AsyncResponse)
@@ -448,7 +448,7 @@ Bug:
 
     [SHIRO-316] - Annotations in samples-aspectj Project Does not Work
     [SHIRO-351] - Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID is URL parameter (not HTTP parameter)
-    [SHIRO-379] - SimpleAccoutRealm concurrency access to roles and users
+    [SHIRO-379] - SimpleAccountRealm concurrency access to roles and users
     [SHIRO-380] - runAs feature (still) doesn't work
     [SHIRO-387] - EnvironmentLoader destroys wrong environment
     [SHIRO-388] - Stackoverflow org.apache.shiro.session.SessionListener.onStop()

cache/src/main/java/org/apache/shiro/cache/Cache.java

@@ -27,7 +27,7 @@
  * <p>Shiro doesn't implement a full Cache mechanism itself, since that is outside the core competency of a
  * Security framework.  Instead, this interface provides an abstraction (wrapper) API on top of an underlying
  * cache framework's cache instance (e.g. JCache, Ehcache, JCS, OSCache, JBossCache, TerraCotta, Coherence,
- * GigaSpaces, etc, etc), allowing a Shiro user to configure any cache mechanism they choose.
+ * GigaSpaces, etc., etc.), allowing a Shiro user to configure any cache mechanism they choose.
  *
  * @since 0.2
  */

cache/src/main/java/org/apache/shiro/cache/CacheManager.java

@@ -24,7 +24,7 @@
  * <p>Shiro doesn't implement a full Cache mechanism itself, since that is outside the core competency of a
  * Security framework.  Instead, this interface provides an abstraction (wrapper) API on top of an underlying
  * cache framework's main Manager component (e.g. JCache, Ehcache, JCS, OSCache, JBossCache, TerraCotta, Coherence,
- * GigaSpaces, etc, etc), allowing a Shiro user to configure any cache mechanism they choose.
+ * GigaSpaces, etc., etc.), allowing a Shiro user to configure any cache mechanism they choose.
  *
  * @since 0.9
  */

cache/src/main/java/org/apache/shiro/cache/MemoryConstrainedCacheManager.java

@@ -29,7 +29,7 @@
  * While the {@code Cache} instances created are thread-safe, they do not offer any enterprise-level features such as
  * cache coherency, optimistic locking, failover or other similar features.  For more enterprise features, consider
  * using a different {@code CacheManager} implementation backed by an enterprise-grade caching product (Hazelcast,
- * EhCache, TerraCotta, Coherence, GigaSpaces, etc, etc).
+ * EhCache, TerraCotta, Coherence, GigaSpaces, etc., etc.).
  *
  * @since 1.0
  */

core/src/main/java/org/apache/shiro/aop/MethodInvocation.java

@@ -51,10 +51,10 @@ public interface MethodInvocation {
     Object[] getArguments();
 
     /**
-     * Returns the object that holds the current joinpoint's static part.
+     * Returns the object that holds the current join point's static part.
      * For instance, the target object for an invocation.
      *
-     * @return the object that holds the current joinpoint's static part.
+     * @return the object that holds the current join point's static part.
      * @since 1.0
      */
     Object getThis();

core/src/main/java/org/apache/shiro/aop/package-info.java

@@ -21,6 +21,6 @@
  * <p/>
  * As this package is a root-level package under <tt>org.apache.shiro</tt>, it contains AOP support classes
  * useful for any AOP environment and/or function. Feature-dependent AOP classes (e.g. authorization,
- * authentication, etc) will use these classes as their base in their respective packages.
+ * authentication, etc.) will use these classes as their base in their respective packages.
  */
 package org.apache.shiro.aop;

core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java

@@ -247,7 +247,7 @@ public final AuthenticationInfo authenticate(AuthenticationToken token) throws A
      * {@code AuthenticationException} if there is a problem during
      * authentication instead of returning {@code null}.  A {@code null} return value indicates
      * a configuration or programming error, since {@code AuthenticationException}s should
-     * indicate any expected problem (such as an unknown account or username, or invalid password, etc).
+     * indicate any expected problem (such as an unknown account or username, or invalid password, etc.).
      *
      * @param token the authentication token encapsulating the user's login information.
      * @return an {@code AuthenticationInfo} object encapsulating the user's account information

core/src/main/java/org/apache/shiro/authc/Account.java

@@ -29,7 +29,7 @@
  * encapsulate both the authentication and authorization information used by both authc and authz operations.
  * <p/>
  * <b>Please Note</b>:  Since Shiro sometimes logs account operations, please ensure your Account's <code>toString()</code>
- * implementation does <em>not</em> print out account credentials (password, etc), as these might be viewable to
+ * implementation does <em>not</em> print out account credentials (password, etc.), as these might be viewable to
  * someone reading your logs.  This is good practice anyway, and account principals should rarely (if ever) be printed
  * out for any reason.  If you're using Shiro's default implementations of this interface, they only ever print the
  * account {@link #getPrincipals() principals}, so you do not need to do anything additional.

core/src/main/java/org/apache/shiro/authc/AuthenticationInfo.java

@@ -46,7 +46,7 @@
  * preferences.
  * <p/>
  * <p><b>Please note:</b>  Since Shiro sometimes logs authentication operations, please ensure your AuthenticationInfo's
- * <code>toString()</code> implementation does <em>not</em> print out account credentials (password, etc), as these might be viewable to
+ * <code>toString()</code> implementation does <em>not</em> print out account credentials (password, etc.), as these might be viewable to
  * someone reading your logs.  This is good practice anyway, and account credentials should rarely (if ever) be printed
  * out for any reason.  If you're using Shiro's default implementations of this interface, they only ever print the
  * account {@link #getPrincipals() principals}, so you do not need to do anything additional.</p>
@@ -59,7 +59,7 @@ public interface AuthenticationInfo extends Serializable {
 
     /**
      * Returns all principals associated with the corresponding Subject.  Each principal is an identifying piece of
-     * information useful to the application such as a username, or user id, a given name, etc - anything useful
+     * information useful to the application such as a username, or user id, a given name, etc. - anything useful
      * to the application to identify the current <code>Subject</code>.
      * <p/>
      * The returned PrincipalCollection should <em>not</em> contain any credentials used to verify principals, such

core/src/main/java/org/apache/shiro/authc/AuthenticationToken.java

@@ -34,7 +34,7 @@
  * <p/>
  * <p>Because applications represent user data and credentials in different ways, implementations
  * of this interface are application-specific.  You are free to acquire a user's principals and
- * credentials however you wish (e.g. web form, Swing form, fingerprint identification, etc) and
+ * credentials however you wish (e.g. web form, Swing form, fingerprint identification, etc.) and
  * then submit them to the Shiro framework in the form of an implementation of this
  * interface.
  * <p/>
@@ -68,7 +68,7 @@ public interface AuthenticationToken extends Serializable {
      * sufficient for your use.
      * <p/>
      * <p>Ultimately, the object returned is application specific and can represent
-     * any account identity (user id, X.509 certificate, etc).
+     * any account identity (user id, X.509 certificate, etc.).
      *
      * @return the account identity submitted during the authentication process.
      * @see UsernamePasswordToken

core/src/main/java/org/apache/shiro/authc/LogoutAware.java

@@ -23,7 +23,7 @@
 /**
  * An SPI interface allowing cleanup logic to be executed during logout of a previously authenticated Subject/user.
  *
- * <p>As it is an SPI interface, it is really intended for SPI implementors such as those implementing Realms.
+ * <p>As it is an SPI interface, it is really intended for SPI implementers such as those implementing Realms.
  *
  * <p>All of Shiro's concrete Realm implementations implement this interface as a convenience for those wishing
  * to subclass them.

core/src/main/java/org/apache/shiro/authc/SimpleAccount.java

@@ -206,7 +206,7 @@ public SimpleAccount(PrincipalCollection principals, Object credentials, Set<Str
     ============================================*/
 
     /**
-     * Returns the principals, aka the identifying attributes (username, user id, first name, last name, etc) of this
+     * Returns the principals, aka the identifying attributes (username, user id, first name, last name, etc.) of this
      * Account.
      *
      * @return all the principals, aka the identifying attributes, of this Account.
@@ -216,7 +216,7 @@ public PrincipalCollection getPrincipals() {
     }
 
     /**
-     * Sets the principals, aka the identifying attributes (username, user id, first name, last name, etc) of this
+     * Sets the principals, aka the identifying attributes (username, user id, first name, last name, etc.) of this
      * Account.
      *
      * @param principals all the principals, aka the identifying attributes, of this Account.
@@ -249,10 +249,10 @@ public void setCredentials(Object credentials) {
     }
 
     /**
-     * Returns the salt used to hash this Account's credentials (eg for password hashing), or {@code null} if no salt
+     * Returns the salt used to hash this Account's credentials (e.g. for password hashing), or {@code null} if no salt
      * was used or credentials were not hashed at all.
      *
-     * @return the salt used to hash this Account's credentials (eg for password hashing), or {@code null} if no salt
+     * @return the salt used to hash this Account's credentials (e.g. for password hashing), or {@code null} if no salt
      *         was used or credentials were not hashed at all.
      * @since 1.1
      */
@@ -261,10 +261,10 @@ public ByteSource getCredentialsSalt() {
     }
 
     /**
-     * Sets the salt to use to hash this Account's credentials (eg for password hashing), or {@code null} if no salt
+     * Sets the salt to use to hash this Account's credentials (e.g. for password hashing), or {@code null} if no salt
      * is used or credentials are not hashed at all.
      *
-     * @param salt the salt to use to hash this Account's credentials (eg for password hashing), or {@code null} if no
+     * @param salt the salt to use to hash this Account's credentials (e.g. for password hashing), or {@code null} if no
      *             salt is used or credentials are not hashed at all.
      * @since 1.1
      */
@@ -360,7 +360,7 @@ public Collection<Permission> getObjectPermissions() {
     }
 
     /**
-     * Sets all object-based permissions assigned directly to this Account (not any of its realms).
+     * Set al. object-based permissions assigned directly to this Account (not any of its realms).
      *
      * @param permissions the object-based permissions to assign directly to this Account.
      */

core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java

@@ -135,7 +135,7 @@ public PrincipalCollection getPrincipals() {
     /**
      * Sets the identifying principal(s) represented by this instance.
      *
-     * @param principals the indentifying attributes of the corresponding Realm account.
+     * @param principals the identifying attributes of the corresponding Realm account.
      */
     public void setPrincipals(PrincipalCollection principals) {
         this.principals = principals;

core/src/main/java/org/apache/shiro/authc/credential/DefaultPasswordService.java

@@ -60,7 +60,7 @@ public class DefaultPasswordService implements HashingPasswordService {
     /**
      * Constructs a new PasswordService with a default hash service and the default
      * algorithm name {@value #DEFAULT_HASH_ALGORITHM}, a default hash format (shiro2) and
-     * a default hashformat factory.
+     * a default hash format factory.
      *
      * <p>The default algorithm can change between minor versions and does not introduce
      * API incompatibility by design.</p>

core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java

@@ -93,7 +93,7 @@
  * If this is not possible for some reason, this class will retain 1.0 backwards-compatible behavior of obtaining
  * the salt via the now-deprecated {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)} method.  This
  * method will only be invoked if a {@code Realm} <em>does not</em> return
- * {@link SaltedAuthenticationInfo SaltedAutenticationInfo} instances and {@link #isHashSalted() hashSalted} is
+ * {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} instances and {@link #isHashSalted() hashSalted} is
  * {@code true}.
  * But please note that the {@link #isHashSalted() hashSalted} property and the
  * {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)} methods will be removed before the Shiro 2.0

core/src/main/java/org/apache/shiro/authc/credential/HashingPasswordService.java

@@ -58,7 +58,7 @@ public interface HashingPasswordService extends PasswordService {
      * </pre>
      *
      * @param plaintext the raw password as 'byte-backed' object (String, character array, {@link ByteSource},
-     *                  etc) usually acquired from your application's 'new user' or 'password reset' workflow.
+     *                  etc.) usually acquired from your application's 'new user' or 'password reset' workflow.
      * @return the hashed password.
      * @throws IllegalArgumentException if the argument cannot be easily converted to bytes as defined by
      *                                  {@link ByteSource.Util#isCompatible(Object)}.

core/src/main/java/org/apache/shiro/authc/credential/PasswordService.java

@@ -106,7 +106,7 @@ public interface PasswordService {
      * </pre>
      *
      * @param plaintextPassword the raw password as 'byte-backed' object (String, character array, {@link ByteSource},
-     *                          etc) usually acquired from your application's 'new user' or 'password reset' workflow.
+     *                          etc.) usually acquired from your application's 'new user' or 'password reset' workflow.
      * @return the encrypted password, formatted for storage.
      * @throws IllegalArgumentException if the argument cannot be easily converted to bytes as defined by
      *                                  {@link ByteSource.Util#isCompatible(Object)}.

core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java

@@ -210,7 +210,7 @@ protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms
             try {
                 aggregate = strategy.beforeAttempt(realm, token, aggregate);
             } catch (ShortCircuitIterationException shortCircuitSignal) {
-                // Break from continuing with subsequnet realms on receiving 
+                // Break from continuing with subsequent realms on receiving 
                 // short circuit signal from strategy
                 break;
             }

core/src/main/java/org/apache/shiro/authc/pam/package-info.java

@@ -26,7 +26,7 @@
  * one or more Realm instances.
  * <p/>
  * How the <code>ModularRealmAuthenticator</code> actually coordinates this behavior is configurable based on your
- * application's needs using an injectible
+ * application's needs using an injectable
  * {@link AuthenticationStrategy}.
  */
 package org.apache.shiro.authc.pam;

core/src/main/java/org/apache/shiro/authz/AuthorizationInfo.java

@@ -22,7 +22,7 @@
 import java.util.Collection;
 
 /**
- * <code>AuthorizationInfo</code> represents a single Subject's stored authorization data (roles, permissions, etc)
+ * <code>AuthorizationInfo</code> represents a single Subject's stored authorization data (roles, permissions, etc.)
  * used during authorization (access control) checks only.
  * <p/>
  * Roles are represented as a <code>Collection</code> of Strings
@@ -40,7 +40,7 @@
  * <p/>
  * Because the act of authorization (access control) is orthogonal to authentication (log-in), this interface is
  * intended to represent only the account data needed by Shiro during an access control check
- * (role, permission, etc).  Shiro also has a parallel
+ * (role, permission, etc.).  Shiro also has a parallel
  * {@link org.apache.shiro.authc.AuthenticationInfo AuthenticationInfo} interface for use during the authentication
  * process that represents identity data such as principals and credentials.
  * <p/>

core/src/main/java/org/apache/shiro/authz/Permission.java

@@ -36,7 +36,7 @@
  * <em>permissions</em> are assigned to these roles.
  * <p/>
  * Under this paradigm, permissions are immutable and reflect an application's raw functionality
- * (opening files, accessing a web URL, creating users, etc).  This is what allows a system's security policy
+ * (opening files, accessing a web URL, creating users, etc.).  This is what allows a system's security policy
  * to be dynamic: because Permissions represent raw functionality and only change when the application's
  * source code changes, they are immutable at runtime - they represent 'what' the system can do.  Roles, users, and
  * groups are the 'who' of the application.  Determining 'who' can do 'what' then becomes a simple exercise of
@@ -46,7 +46,7 @@
  * Permissions) and then associate users with roles (i.e. a user 'has a' collection of roles) so that by transitive
  * association, the user 'has' the permissions in their roles.  There are numerous variations on this theme
  * (permissions assigned directly to users, or assigned to groups, and users added to groups and these groups in turn
- * have roles, etc, etc).  When employing a permission-based security model instead of a role-based one, users, roles,
+ * have roles, etc., etc.).  When employing a permission-based security model instead of a role-based one, users, roles,
  * and groups can all be created, configured and/or deleted at runtime.  This enables  an extremely powerful security
  * model.
  * <p/>

core/src/main/java/org/apache/shiro/authz/UnauthenticatedException.java

@@ -23,7 +23,7 @@
  * authentication hasn't yet occurred.
  *
  * <p>Authorizations can only be performed after a successful
- * authentication because authorization data (roles, permissions, etc) must always be associated
+ * authentication because authorization data (roles, permissions, etc.) must always be associated
  * with a known identity.  Such a known identity can only be obtained upon a successful log-in.
  *
  * @since 0.1

core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationMethodInterceptor.java

@@ -53,7 +53,7 @@ public PermissionAnnotationMethodInterceptor(AnnotationResolver resolver) {
      * @param methodArgs the <code>MethodInvocation</code> method arguments.
      * @param namePath the Annotation 'name' value, which is a string-based permission definition.
      * @return the String permission representation.
-     * @throws Exception if there is an error infering the target.
+     * @throws Exception if there is an error inferring the target.
      *
     protected String inferTargetFromPath(Object[] methodArgs, String namePath) throws Exception {
         int propertyStartIndex = -1;

core/src/main/java/org/apache/shiro/authz/permission/PermissionResolver.java

@@ -21,7 +21,7 @@
 import org.apache.shiro.authz.Permission;
 
 /**
- * A {@code PermisisonResolver} resolves a String value and converts it into a
+ * A {@code PermissionResolver} resolves a String value and converts it into a
  * {@link org.apache.shiro.authz.Permission Permission} instance.
  * <p/>
  * The default {@link WildcardPermissionResolver} should be