fixed code and added suppressions inline as required by new config (wip)

config/core/src/main/java/org/apache/shiro/config/Ini.java

@@ -44,6 +44,7 @@
  *
  * @since 1.0
  */
+@SuppressWarnings({"checkstyle:MethodCount", "checkstyle:CyclomaticComplexity"})
 public final class Ini implements Map<String, Ini.Section> {
 
     /**

config/ogdl/src/main/java/org/apache/shiro/config/ogdl/ReflectionBuilder.java

@@ -67,6 +67,7 @@
  *
  * @since 0.9
  */
+@SuppressWarnings("checkstyle:MethodCount")
 public class ReflectionBuilder {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ReflectionBuilder.class);

crypto/cipher/src/main/java/org/apache/shiro/crypto/cipher/AesCipherService.java

@@ -27,10 +27,12 @@
  * The AES algorithm can support key sizes of {@code 128}, {@code 192} and {@code 256} bits<b>*</b>.  This implementation
  * defaults to 128 bits.
  * <p/>
- * Note that this class retains changes the parent class's default {@link OperationMode#CBC CBC} mode to {@link OperationMode#GCM GCM} of operation
- * instead of the typical JDK default of {@link OperationMode#ECB ECB}.  {@code ECB} should not be used in
- * security-sensitive environments because {@code ECB} does not allow for initialization vectors, which are
- * considered necessary for strong encryption.  See the {@link DefaultBlockCipherService parent class}'s JavaDoc and the
+ * Note that this class retains changes the parent class's default
+ * {@link OperationMode#CBC CBC} modeto {@link OperationMode#GCM GCM} of operation
+ * instead of the typical JDK default of {@link OperationMode#ECB ECB}.
+ * {@code ECB} should not be used in security-sensitive environments because {@code ECB}
+ * does not allow for initialization vectors, which are considered necessary for strong encryption.
+ * See the {@link DefaultBlockCipherService parent class}'s JavaDoc and the
  * {@link JcaCipherService JcaCipherService} JavaDoc for more on why the JDK default should not be used and is not
  * used in this implementation.
  * <p/>

crypto/cipher/src/main/java/org/apache/shiro/crypto/cipher/DefaultBlockCipherService.java

@@ -122,7 +122,8 @@
  * </ul>
  * <p/>
  * These attributes have the same meaning as the {@code mode}, {@code blockSize}, and {@code paddingScheme} attributes
- * described above, but they are applied during streaming method invocations only ({@link #encrypt(java.io.InputStream, java.io.OutputStream, byte[])}
+ * described above, but they are applied during streaming method invocations only
+ * ({@link #encrypt(java.io.InputStream, java.io.OutputStream, byte[])}
  * and {@link #decrypt(java.io.InputStream, java.io.OutputStream, byte[])}).
  *
  * @see BlowfishCipherService

crypto/cipher/src/main/java/org/apache/shiro/crypto/cipher/JcaCipherService.java

@@ -67,6 +67,7 @@
  *
  * @since 1.0
  */
+@SuppressWarnings("checkstyle:MethodCount")
 public abstract class JcaCipherService implements CipherService {
 
     /**

crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHashProvider.java

@@ -113,6 +113,7 @@ protected ByteSource getPublicSalt(HashRequest request) {
             }
 
             // generate salt if absent from the request.
+            @SuppressWarnings("checkstyle:MagicNumber")
             byte[] ps = new byte[16];
             random.nextBytes(ps);
 
@@ -204,7 +205,8 @@ static final class Parameters {
         /**
          * A secret part added to the salt. Sometimes also referred to as {@literal "Pepper"}.
          *
-         * <p>For more information, see <a href="https://en.wikipedia.org/wiki/Pepper_(cryptography)">Pepper (cryptography) on Wikipedia</a>.</p>
+         * <p>For more information, see <a href="https://en.wikipedia.org/wiki/Pepper_(cryptography)">
+         *     Pepper (cryptography) on Wikipedia</a>.</p>
          */
         public static final String PARAMETER_SECRET_SALT = "SimpleHash.secretSalt";
 

crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHashRequest.java

@@ -52,9 +52,10 @@ public class SimpleHashRequest implements HashRequest {
      * Creates a new SimpleHashRequest instance.
      *
      * @param algorithmName the name of the hash algorithm to use.  This is often null as the
-     *                      {@link HashService} implementation is usually configured with an appropriate algorithm name, but this
-     *                      can be non-null if the hash service's algorithm should be overridden with a specific one for the duration
-     *                      of the request.
+     *                      {@link HashService} implementation is usually configured with an
+     *                      appropriate algorithm name, but this can be non-null
+     *                      if the hash service's algorithm should be overridden with a
+     *                      specific one for the duration of the request.
      * @param source        the source to be hashed
      * @param salt          any public salt which should be used when computing the hash
      * @param parameters    e.g. the number of hash iterations to execute or other parameters.

crypto/support/hashes/argon2/src/main/java/org/apache/shiro/crypto/support/hashes/argon2/Argon2Hash.java

@@ -41,6 +41,7 @@
 import static java.util.Collections.unmodifiableSet;
 import static java.util.Objects.requireNonNull;
 
+@SuppressWarnings("checkstyle:LineLength")
 /**
  * The Argon2 key derivation function (KDF) is a modern algorithm to shade and hash passwords.
  *
@@ -123,6 +124,7 @@ protected static ByteSource createSalt() {
         return createSalt(new SecureRandom());
     }
 
+    @SuppressWarnings("checkstyle:MagicNumber")
     public static ByteSource createSalt(SecureRandom random) {
         return new SimpleByteSource(random.generateSeed(SALT_LENGTH_BITS / 8));
     }
@@ -237,6 +239,7 @@ public static Argon2Hash generate(
         final Argon2BytesGenerator gen = new Argon2BytesGenerator();
         gen.init(parameters);
 
+        @SuppressWarnings("checkstyle:MagicNumber")
         final byte[] hash = new byte[outputLengthBits / 8];
         gen.generateBytes(source.getBytes(), hash);
 
@@ -277,6 +280,7 @@ public int getIterations() {
     @Override
     public boolean matchesPassword(ByteSource plaintextBytes) {
         try {
+            @SuppressWarnings("checkstyle:MagicNumber")
             Argon2Hash compare = generate(
                     this.getAlgorithmName(),
                     this.argonVersion,
@@ -296,6 +300,7 @@ public boolean matchesPassword(ByteSource plaintextBytes) {
     }
 
     @Override
+    @SuppressWarnings("checkstyle:MagicNumber")
     public int getSaltLength() {
         return SALT_LENGTH_BITS / 8;
     }

crypto/support/hashes/argon2/src/main/java/org/apache/shiro/crypto/support/hashes/argon2/Argon2HashProvider.java

@@ -99,7 +99,8 @@ public Argon2Hash generate(HashRequest hashRequest) {
                     .flatMap(algoV -> intOrEmpty(algoV, Parameters.PARAMETER_PARALLELISM))
                     .orElse(Parameters.DEFAULT_PARALLELISM);
 
-            final int outputLengthBits = Optional.ofNullable(hashRequest.getParameters().get(Parameters.PARAMETER_OUTPUT_LENGTH_BITS))
+            final int outputLengthBits = Optional.ofNullable(hashRequest.getParameters()
+                            .get(Parameters.PARAMETER_OUTPUT_LENGTH_BITS))
                     .flatMap(algoV -> intOrEmpty(algoV, Parameters.PARAMETER_OUTPUT_LENGTH_BITS))
                     .orElse(Parameters.DEFAULT_OUTPUT_LENGTH_BITS);
 
@@ -123,6 +124,7 @@ private ByteSource parseSalt(HashRequest hashRequest) {
                     .orElseGet(() -> Argon2Hash.createSalt(random));
         }
 
+        @SuppressWarnings("checkstyle:MagicNumber")
         private Optional<ByteSource> lengthValidOrEmpty(ByteSource bytes) {
             if (bytes.getBytes().length != 16) {
                 return Optional.empty();
@@ -131,6 +133,7 @@ private Optional<ByteSource> lengthValidOrEmpty(ByteSource bytes) {
             return Optional.of(bytes);
         }
 
+        @SuppressWarnings("checkstyle:MagicNumber")
         private Optional<Integer> intOrEmpty(Object maybeInt, String parameterName) {
             try {
                 return Optional.of(Integer.parseInt((String) maybeInt, 10));

crypto/support/hashes/bcrypt/src/main/java/org/apache/shiro/crypto/support/hashes/bcrypt/BCryptHash.java

@@ -82,6 +82,7 @@ protected final void checkValidCost() {
         checkValidCost(this.cost);
     }
 
+    @SuppressWarnings("checkstyle:MagicNumber")
     public static int checkValidCost(final int cost) {
         if (cost < 4 || cost > 31) {
             final String message = String.format(

crypto/support/hashes/bcrypt/src/main/java/org/apache/shiro/crypto/support/hashes/bcrypt/BCryptProvider.java

@@ -96,6 +96,7 @@ private int getCost(HashRequest hashRequest) {
 
             String costStr = optCostStr.orElseThrow(NoSuchElementException::new);
             try {
+                @SuppressWarnings("checkstyle:MagicNumber")
                 int cost = Integer.parseInt(costStr, 10);
                 BCryptHash.checkValidCost(cost);
                 return cost;

crypto/support/hashes/bcrypt/src/main/java/org/apache/shiro/crypto/support/hashes/bcrypt/OpenBSDBase64.java

@@ -28,12 +28,15 @@
  *
  * <blockquote>
  * Unix stores password hashes computed with crypt in the /etc/passwd file using radix-64 encoding called B64. It uses a
- * mostly-alphanumeric set of characters, plus . and /. Its 64-character set is "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".
+ * mostly-alphanumeric set of characters, plus . and /.
+ * Its 64-character set is "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".
  * Padding is not used.
  * </blockquote>
  *
  * @since 2.0
  */
+@SuppressWarnings({"checkstyle:MagicNumber", "checkstyle:BooleanExpressionComplexity",
+"checkstyle:NPathComplexity", "checkstyle:CyclomaticComplexity"})
 interface OpenBSDBase64 {
 
 
@@ -46,9 +49,11 @@ interface OpenBSDBase64 {
     byte[] encode(byte[] rawBytes);
 
     /**
-     * From a UTF-8 encoded string representing radix64 encoded data as byte array, decodes the raw bytes from it.
+     * From a UTF-8 encoded string representing radix64 encoded data as byte array,
+     * decodes the raw bytes from it.
      *
-     * @param utf8EncodedRadix64String from a string get it with <code>"m0CrhHm10qJ3lXRY.5zDGO".getBytes(StandardCharsets.UTF8)</code>
+     * @param utf8EncodedRadix64String from a string get it with
+     *        <code>"m0CrhHm10qJ3lXRY.5zDGO".getBytes(StandardCharsets.UTF8)</code>
      * @return the raw bytes encoded by this utf-8 radix4 string
      */
     byte[] decode(byte[] utf8EncodedRadix64String);

lang/src/main/java/org/apache/shiro/lang/codec/CodecSupport.java

@@ -33,6 +33,7 @@
  *
  * @since 0.9
  */
+@SuppressWarnings("checkstyle:BooleanExpressionComplexity")
 public abstract class CodecSupport {
 
     /**

lang/src/main/java/org/apache/shiro/lang/codec/H64.java

@@ -45,6 +45,7 @@
  *
  * @since 1.2
  */
+@SuppressWarnings("checkstyle:MagicNumber")
 public final class H64 {
 
     private static final byte FF = (byte) 0xff;

lang/src/main/java/org/apache/shiro/lang/codec/Hex.java

@@ -32,6 +32,7 @@
  * @see <a href="http://en.wikipedia.org/wiki/Hexadecimal">Wikipedia: Hexadecimal</a>
  * @since 0.9
  */
+@SuppressWarnings("checkstyle:MagicNumber")
 public final class Hex {
 
     /**

lang/src/main/java/org/apache/shiro/lang/util/SimpleByteSource.java

@@ -44,6 +44,7 @@
  *
  * @since 1.0
  */
+@SuppressWarnings("checkstyle:BooleanExpressionComplexity")
 public class SimpleByteSource implements ByteSource {
 
     private final byte[] bytes;

lang/src/main/java/org/apache/shiro/lang/util/StringUtils.java

@@ -37,6 +37,7 @@
  *
  * @since 0.9
  */
+@SuppressWarnings("checkstyle:CyclomaticComplexity")
 public final class StringUtils {
 
     /**
@@ -468,6 +469,7 @@ public static String join(Iterator<?> iterator, String separator) {
 
         // two or more elements
         // Java default is 16, probably too small
+        @SuppressWarnings("checkstyle:MagicNumber")
         StringBuilder buf = new StringBuilder(256);
         if (first != null) {
             buf.append(first);

lang/src/test/java/org/apache/shiro/lang/util/ClassUtilsTest.java

@@ -22,7 +22,6 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
-
 class ClassUtilsTest {
 
     @Test

src/suppressions.xml

@@ -23,6 +23,13 @@
     <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]ee[\\/]*"/>
     <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]testing[\\/]*"/>
     <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]cdi[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]spring[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]guice[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]web[\\/]jaxrs[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]lang[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]tools[\\/]hasher[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]config[\\/]ogdl[\\/]*"/>
+    <suppress checks="JavadocPackage" files="org[\\/]apache[\\/]shiro[\\/]cache[\\/]ehcache[\\/]*"/>
 
     <suppress checks="ConstantName" lines="41-44" files="com[\\/]flowlogix[\\/]shiro[\\/]ee[\\/]filters[\\/]CryptoSupport"/>
 </suppressions>

support/ehcache/src/main/java/org/apache/shiro/cache/ehcache/EhCacheManager.java

@@ -62,7 +62,7 @@ public class EhCacheManager implements CacheManager, Initializable, Destroyable
      * Indicates if the CacheManager instance was implicitly/automatically created by this instance, indicating that
      * it should be automatically cleaned up as well on shutdown.
      */
-    private boolean cacheManagerImplicitlyCreated = false;
+    private boolean cacheManagerImplicitlyCreated;
 
     /**
      * Classpath file location of the ehcache CacheManager config file.

support/ehcache/src/test/java/org/apache/shiro/cache/ehcache/EhCacheManagerTest.java

@@ -24,7 +24,10 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.util.Collection;
 import java.util.Set;

support/hazelcast/src/main/java/org/apache/shiro/hazelcast/cache/HazelcastCacheManager.java

@@ -77,7 +77,7 @@ public class HazelcastCacheManager implements CacheManager, Initializable, Destr
 
     private static final Logger LOGGER = LoggerFactory.getLogger(HazelcastCacheManager.class);
 
-    private boolean implicitlyCreated = false;
+    private boolean implicitlyCreated;
     private HazelcastInstance hazelcastInstance;
     private Config config;
 

support/jcache/src/main/java/org/apache/shiro/cache/jcache/JCacheManager.java

@@ -67,7 +67,7 @@ public class JCacheManager implements CacheManager, Initializable, Destroyable {
      * Indicates if the CacheManager instance was implicitly/automatically created by this instance, indicating that
      * it should be automatically cleaned up as well on shutdown.
      */
-    private boolean cacheManagerImplicitlyCreated = false;
+    private boolean cacheManagerImplicitlyCreated;
 
     @Override
     public <K, V> Cache<K, V> getCache(String name) throws CacheException {
@@ -146,7 +146,8 @@ public void destroy() {
             try {
                 jCacheManager.close();
             } catch (Throwable t) {
-                LOGGER.warn("Unable to cleanly shutdown implicitly created CacheManager instance. Ignoring (shutting down)...", t);
+                LOGGER.warn("Unable to cleanly shutdown implicitly created CacheManager instance. "
+                        + "Ignoring (shutting down)...", t);
             } finally {
                 this.jCacheManager = null;
                 this.cacheManagerImplicitlyCreated = false;