From d7fbf3673a1dbfd20c6cad79992dc3c362ddd9de Mon Sep 17 00:00:00 2001 From: Robert Winch <362503+rwinch@users.noreply.github.com> Date: Thu, 22 Jan 2026 14:48:05 -0600 Subject: [PATCH] Fix consistency with Nullability Usage Issue gh-18564 --- .../security/config/web/server/LogoutSpecTests.java | 4 ++-- .../ott/OneTimeTokenAuthenticationToken.java | 2 +- .../authorization/method/MethodInvocationResult.java | 2 +- .../AuthorizationAdvisorProxyFactoryTests.java | 4 +--- ...ReactiveAuthorizationAdvisorProxyFactoryTests.java | 4 +--- .../util/matcher/PathPatternMessageMatcher.java | 3 ++- .../handler/invocation/ResolvableMethod.java | 3 --- .../core/PayloadSocketAcceptorInterceptor.java | 5 ++--- .../security/web/DefaultSecurityFilterChain.java | 2 +- .../security/web/ObservationFilterChainDecorator.java | 2 +- .../AbstractAuthenticationProcessingFilter.java | 2 +- .../UsernamePasswordAuthenticationFilter.java | 8 +++----- .../ott/GenerateOneTimeTokenRequestResolver.java | 5 ++--- .../result/view/CsrfRequestDataValueProcessor.java | 3 ++- .../server/ObservationWebFilterChainDecorator.java | 4 ++-- .../ServerX509AuthenticationConverter.java | 2 +- .../server/authentication/SwitchUserWebFilter.java | 11 +++++------ .../util/matcher/PathPatternRequestMatcher.java | 2 +- .../util/matcher/DispatcherTypeRequestMatcher.java | 5 ++--- .../security/web/servlet/MockServletContext.java | 5 +---- 20 files changed, 32 insertions(+), 46 deletions(-) diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java index 99e68827dd..d6d316804d 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java @@ -278,7 +278,7 @@ public class LogoutSpecTests { private static class InMemorySecurityContextRepository implements ServerSecurityContextRepository { - @Nullable private SecurityContext savedContext; + private @Nullable SecurityContext savedContext; @Override public Mono save(ServerWebExchange exchange, SecurityContext context) { @@ -291,7 +291,7 @@ public class LogoutSpecTests { return Mono.justOrEmpty(this.savedContext); } - @Nullable private SecurityContext getSavedContext() { + private @Nullable SecurityContext getSavedContext() { return this.savedContext; } diff --git a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java index dd3cb8b2ec..37cff45b13 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java @@ -36,7 +36,7 @@ public class OneTimeTokenAuthenticationToken extends AbstractAuthenticationToken @Serial private static final long serialVersionUID = -8691636031126328365L; - private @Nullable final Object principal; + private final @Nullable Object principal; private @Nullable String tokenValue; diff --git a/core/src/main/java/org/springframework/security/authorization/method/MethodInvocationResult.java b/core/src/main/java/org/springframework/security/authorization/method/MethodInvocationResult.java index 7d8e6e4906..fcf4518717 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/MethodInvocationResult.java +++ b/core/src/main/java/org/springframework/security/authorization/method/MethodInvocationResult.java @@ -32,7 +32,7 @@ public class MethodInvocationResult { private final MethodInvocation methodInvocation; - private @Nullable final Object result; + private final @Nullable Object result; /** * Construct a {@link MethodInvocationResult} with the provided parameters diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java index eef00d19d4..c8cf1f368c 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java @@ -40,7 +40,6 @@ import tools.jackson.databind.json.JsonMapper; import org.springframework.aop.Pointcut; import org.springframework.core.annotation.AnnotationAwareOrderComparator; -import org.springframework.lang.NonNull; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.TestAuthentication; @@ -445,7 +444,7 @@ public class AuthorizationAdvisorProxyFactoryTests { } @Override - public int compareTo(@NonNull User that) { + public int compareTo(User that) { return this.id.compareTo(that.getId()); } @@ -455,7 +454,6 @@ public class AuthorizationAdvisorProxyFactoryTests { List users = List.of(new User("1", "first", "last")); - @NonNull @Override public Iterator iterator() { return this.users.iterator(); diff --git a/core/src/test/java/org/springframework/security/authorization/ReactiveAuthorizationAdvisorProxyFactoryTests.java b/core/src/test/java/org/springframework/security/authorization/ReactiveAuthorizationAdvisorProxyFactoryTests.java index 1ba7a807dc..b8ac9de81d 100644 --- a/core/src/test/java/org/springframework/security/authorization/ReactiveAuthorizationAdvisorProxyFactoryTests.java +++ b/core/src/test/java/org/springframework/security/authorization/ReactiveAuthorizationAdvisorProxyFactoryTests.java @@ -25,7 +25,6 @@ import reactor.core.publisher.Mono; import reactor.test.StepVerifier; import org.springframework.aop.Pointcut; -import org.springframework.lang.NonNull; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.TestAuthentication; @@ -193,7 +192,7 @@ public class ReactiveAuthorizationAdvisorProxyFactoryTests { } @Override - public int compareTo(@NonNull User that) { + public int compareTo(User that) { return this.id.compareTo(that.getId()); } @@ -207,7 +206,6 @@ public class ReactiveAuthorizationAdvisorProxyFactoryTests { return Flux.fromIterable(this.users); } - @NonNull @Override public Iterator iterator() { return this.users.iterator(); diff --git a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java index 567550a024..d69b99d5f6 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java +++ b/messaging/src/main/java/org/springframework/security/messaging/util/matcher/PathPatternMessageMatcher.java @@ -18,8 +18,9 @@ package org.springframework.security.messaging.util.matcher; import java.util.Collections; +import org.jspecify.annotations.Nullable; + import org.springframework.http.server.PathContainer; -import org.springframework.lang.Nullable; import org.springframework.messaging.Message; import org.springframework.messaging.simp.SimpMessageHeaderAccessor; import org.springframework.messaging.simp.SimpMessageType; diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java index 35e3ef23ac..c19e66c3db 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java +++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java @@ -46,7 +46,6 @@ import org.springframework.core.ResolvableType; import org.springframework.core.annotation.AnnotatedElementUtils; import org.springframework.core.annotation.AnnotationUtils; import org.springframework.core.annotation.SynthesizingMethodParameter; -import org.springframework.lang.Nullable; import org.springframework.objenesis.ObjenesisException; import org.springframework.objenesis.SpringObjenesis; import org.springframework.util.Assert; @@ -649,7 +648,6 @@ public final class ResolvableMethod { } @Override - @Nullable public Object intercept(Object object, Method method, Object[] args, MethodProxy proxy) { if (ReflectionUtils.isObjectMethod(method)) { return ReflectionUtils.invokeMethod(method, object, args); @@ -661,7 +659,6 @@ public final class ResolvableMethod { } @Override - @Nullable public Object invoke(org.aopalliance.intercept.MethodInvocation inv) throws Throwable { return intercept(inv.getThis(), inv.getMethod(), inv.getArguments(), null); } diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java index 3db765f466..22dc67c134 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java @@ -21,8 +21,8 @@ import java.util.List; import io.rsocket.SocketAcceptor; import io.rsocket.metadata.WellKnownMimeType; import io.rsocket.plugins.SocketAcceptorInterceptor; +import org.jspecify.annotations.Nullable; -import org.springframework.lang.Nullable; import org.springframework.security.rsocket.api.PayloadInterceptor; import org.springframework.util.Assert; import org.springframework.util.MimeType; @@ -38,8 +38,7 @@ public class PayloadSocketAcceptorInterceptor implements SocketAcceptorIntercept private final List interceptors; - @Nullable - private MimeType defaultDataMimeType; + private @Nullable MimeType defaultDataMimeType; private MimeType defaultMetadataMimeType = MimeTypeUtils .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java index f60456ac53..9f1691f781 100644 --- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java +++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java @@ -24,6 +24,7 @@ import jakarta.servlet.Filter; import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.jspecify.annotations.NonNull; import org.jspecify.annotations.Nullable; import org.springframework.beans.BeansException; @@ -33,7 +34,6 @@ import org.springframework.beans.factory.BeanNameAware; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.core.log.LogMessage; -import org.springframework.lang.NonNull; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.StringUtils; diff --git a/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java b/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java index f571ea02f4..627f002b20 100644 --- a/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java +++ b/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java @@ -508,7 +508,7 @@ public final class ObservationFilterChainDecorator implements FilterChainProxy.F private final String filterSection; - @Nullable private String filterName; + private @Nullable String filterName; private int chainPosition; diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index b426e11eec..59c9329398 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java @@ -126,7 +126,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder .getContextHolderStrategy(); - @Nullable protected ApplicationEventPublisher eventPublisher; + protected @Nullable ApplicationEventPublisher eventPublisher; protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java index 971745ec2e..02565d815c 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java @@ -18,9 +18,9 @@ package org.springframework.security.web.authentication; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; +import org.jspecify.annotations.Nullable; import org.springframework.http.HttpMethod; -import org.springframework.lang.Nullable; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; @@ -100,8 +100,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication * @return the password that will be presented in the Authentication * request token to the AuthenticationManager */ - @Nullable - protected String obtainPassword(HttpServletRequest request) { + protected @Nullable String obtainPassword(HttpServletRequest request) { return request.getParameter(this.passwordParameter); } @@ -112,8 +111,7 @@ public class UsernamePasswordAuthenticationFilter extends AbstractAuthentication * @return the username that will be presented in the Authentication * request token to the AuthenticationManager */ - @Nullable - protected String obtainUsername(HttpServletRequest request) { + protected @Nullable String obtainUsername(HttpServletRequest request) { return request.getParameter(this.usernameParameter); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenRequestResolver.java b/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenRequestResolver.java index cbce76a09f..800cb81287 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenRequestResolver.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenRequestResolver.java @@ -17,8 +17,8 @@ package org.springframework.security.web.authentication.ott; import jakarta.servlet.http.HttpServletRequest; +import org.jspecify.annotations.Nullable; -import org.springframework.lang.Nullable; import org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest; /** @@ -35,7 +35,6 @@ public interface GenerateOneTimeTokenRequestResolver { * @param request {@link HttpServletRequest} to resolve * @return {@link GenerateOneTimeTokenRequest} */ - @Nullable - GenerateOneTimeTokenRequest resolve(HttpServletRequest request); + @Nullable GenerateOneTimeTokenRequest resolve(HttpServletRequest request); } diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java b/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java index 5bf956243c..a525dbb31e 100644 --- a/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java +++ b/web/src/main/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.java @@ -20,7 +20,8 @@ import java.util.Collections; import java.util.Map; import java.util.regex.Pattern; -import org.springframework.lang.NonNull; +import org.jspecify.annotations.NonNull; + import org.springframework.security.web.server.csrf.CsrfToken; import org.springframework.web.reactive.result.view.RequestDataValueProcessor; import org.springframework.web.server.ServerWebExchange; diff --git a/web/src/main/java/org/springframework/security/web/server/ObservationWebFilterChainDecorator.java b/web/src/main/java/org/springframework/security/web/server/ObservationWebFilterChainDecorator.java index 3ef13ad257..c24a0debf0 100644 --- a/web/src/main/java/org/springframework/security/web/server/ObservationWebFilterChainDecorator.java +++ b/web/src/main/java/org/springframework/security/web/server/ObservationWebFilterChainDecorator.java @@ -109,9 +109,9 @@ public final class ObservationWebFilterChainDecorator implements WebFilterChainP private final WebHandler handler; - @Nullable private final ObservationWebFilter currentFilter; + private final @Nullable ObservationWebFilter currentFilter; - @Nullable private final ObservationWebFilterChain chain; + private final @Nullable ObservationWebFilterChain chain; /** * Public constructor with the list of filters and the target handler to use. diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java index f9d9160d90..cb37f28e94 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.java @@ -20,10 +20,10 @@ import java.security.cert.X509Certificate; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.jspecify.annotations.NonNull; import reactor.core.publisher.Mono; import org.springframework.http.server.reactive.SslInfo; -import org.springframework.lang.NonNull; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor; diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java index 62195b8b16..2735993ce9 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java @@ -23,12 +23,12 @@ import java.util.Optional; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.jspecify.annotations.NonNull; +import org.jspecify.annotations.Nullable; import reactor.core.publisher.Mono; import org.springframework.core.log.LogMessage; import org.springframework.http.HttpMethod; -import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; import org.springframework.security.authentication.AccountStatusUserDetailsChecker; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; @@ -217,8 +217,8 @@ public class SwitchUserWebFilter implements WebFilter { return exchange.getRequest().getQueryParams().getFirst(SPRING_SECURITY_SWITCH_USERNAME_KEY); } - @NonNull - private Mono attemptSwitchUser(Authentication currentAuthentication, @Nullable String userName) { + private @NonNull Mono attemptSwitchUser(Authentication currentAuthentication, + @Nullable String userName) { Assert.notNull(userName, "The userName can not be null."); this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", userName)); return this.userDetailsService.findByUsername(userName) @@ -227,8 +227,7 @@ public class SwitchUserWebFilter implements WebFilter { .map((userDetails) -> createSwitchUserToken(userDetails, currentAuthentication)); } - @NonNull - private Authentication attemptExitUser(Authentication currentAuthentication) { + private @NonNull Authentication attemptExitUser(Authentication currentAuthentication) { Optional sourceAuthentication = extractSourceAuthentication(currentAuthentication); if (sourceAuthentication.isEmpty()) { this.logger.debug("Failed to find original user"); diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java index 6b13beb924..1e8d553c83 100644 --- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java @@ -19,11 +19,11 @@ package org.springframework.security.web.servlet.util.matcher; import java.util.Objects; import jakarta.servlet.http.HttpServletRequest; +import org.jspecify.annotations.Nullable; import org.springframework.http.HttpMethod; import org.springframework.http.server.PathContainer; import org.springframework.http.server.RequestPath; -import org.springframework.lang.Nullable; import org.springframework.security.web.access.intercept.RequestAuthorizationContext; import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/DispatcherTypeRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/DispatcherTypeRequestMatcher.java index 5576eb51b1..e55cdd44a8 100644 --- a/web/src/main/java/org/springframework/security/web/util/matcher/DispatcherTypeRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/util/matcher/DispatcherTypeRequestMatcher.java @@ -18,9 +18,9 @@ package org.springframework.security.web.util.matcher; import jakarta.servlet.DispatcherType; import jakarta.servlet.http.HttpServletRequest; +import org.jspecify.annotations.Nullable; import org.springframework.http.HttpMethod; -import org.springframework.lang.Nullable; import org.springframework.util.StringUtils; /** @@ -36,8 +36,7 @@ public class DispatcherTypeRequestMatcher implements RequestMatcher { private final DispatcherType dispatcherType; - @Nullable - private final HttpMethod httpMethod; + private final @Nullable HttpMethod httpMethod; /** * Creates an instance which matches requests with the provided {@link DispatcherType} diff --git a/web/src/test/java/org/springframework/security/web/servlet/MockServletContext.java b/web/src/test/java/org/springframework/security/web/servlet/MockServletContext.java index f7b1ab7304..c68e24ea5a 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/MockServletContext.java +++ b/web/src/test/java/org/springframework/security/web/servlet/MockServletContext.java @@ -28,7 +28,6 @@ import jakarta.servlet.Servlet; import jakarta.servlet.ServletRegistration; import jakarta.servlet.ServletSecurityElement; -import org.springframework.lang.NonNull; import org.springframework.web.servlet.DispatcherServlet; public class MockServletContext extends org.springframework.mock.web.MockServletContext { @@ -41,15 +40,13 @@ public class MockServletContext extends org.springframework.mock.web.MockServlet return servletContext; } - @NonNull @Override - public ServletRegistration.Dynamic addServlet(@NonNull String servletName, Class clazz) { + public ServletRegistration.Dynamic addServlet(String servletName, Class clazz) { ServletRegistration.Dynamic dynamic = new MockServletRegistration(servletName, clazz); this.registrations.put(servletName, dynamic); return dynamic; } - @NonNull @Override public Map getServletRegistrations() { return this.registrations;