Added nullable

ronodhirSoumik · ronodhirSoumik · commit 46ffe65384e9 · 2025-11-19T00:41:16.000+06:00
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
@@ -16,10 +16,10 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
-import jakarta.servlet.http.HttpServletRequest;
 import org.opensaml.saml.saml2.core.Response;
-
 import org.springframework.http.HttpMethod;
+
+import org.jspecify.annotations.Nullable;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
@@ -30,11 +30,12 @@
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 import org.springframework.security.web.authentication.AuthenticationConverter;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+import jakarta.servlet.http.HttpServletRequest;
 
 final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationConverter {
 
@@ -91,7 +92,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 	 * @throws Saml2AuthenticationException if the {@link RequestMatcher} specifies a
 	 * non-existent {@code registrationId}
 	 */
+	
 	@Override
+	@Nullable
 	public Saml2AuthenticationToken convert(HttpServletRequest request) {
 		String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		if (serialized == null) {
@@ -110,7 +113,8 @@ public Saml2AuthenticationToken convert(HttpServletRequest request) {
 		}
 		return token;
 	}
-
+	
+	@Nullable
 	private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) {
 		AbstractSaml2AuthenticationRequest authenticationRequest = this.authenticationRequests
 			.loadAuthenticationRequest(request);
@@ -121,7 +125,8 @@ private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		return tokenByRegistration(request, registration, authenticationRequest);
 	}
-
+	
+	@Nullable
 	private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request,
 			RequestMatcher.MatchResult result) {
 		String registrationId = result.getVariables().get("registrationId");
@@ -132,15 +137,18 @@ private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest reques
 		return tokenByRegistration(request, registration, null);
 	}
 
+	@Nullable
 	private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) {
 		Response response = this.saml.deserialize(decode(request));
 		String issuer = response.getIssuer().getValue();
 		RelyingPartyRegistration registration = this.registrations.findUniqueByAssertingPartyEntityId(issuer);
 		return tokenByRegistration(request, registration, null);
 	}
 
-	private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request,
-			RelyingPartyRegistration registration, AbstractSaml2AuthenticationRequest authenticationRequest) {
+	@Nullable
+	private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, 
+			@Nullable RelyingPartyRegistration registration, 
+			@Nulable AbstractSaml2AuthenticationRequest authenticationRequest) {
 		if (registration == null) {
 			return null;
 		}
@@ -178,6 +186,7 @@ void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
 		this.shouldConvertGetRequests = shouldConvertGetRequests;
 	}
 
+	@Nullable
 	private String decode(HttpServletRequest request) {
 		String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		boolean isGet = HttpMethod.GET.matches(request.getMethod());
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java
@@ -16,15 +16,16 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
+import org.jspecify.annotations.Nullable;
 import org.springframework.cache.Cache;
 import org.springframework.cache.concurrent.ConcurrentMapCache;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.util.Assert;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
 /**
  * A cache-based {@link Saml2AuthenticationRequestRepository}. This can be handy when you
  * are dropping requests due to using SameSite=Strict and the previous session is lost.
@@ -43,6 +44,7 @@ public final class CacheSaml2AuthenticationRequestRepository
 	private Cache cache = new ConcurrentMapCache("authentication-requests");
 
 	@Override
+	@Nullable
 	public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
 		String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
 		Assert.notNull(relayState, "relayState must not be null");
@@ -58,6 +60,7 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent
 	}
 
 	@Override
+	@Nullable
 	public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
 			HttpServletResponse response) {
 		String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -17,11 +17,11 @@
 package org.springframework.security.saml2.provider.service.web;
 
 import java.util.Map;
+import java.util.regex.MatchResult;
 
-import jakarta.servlet.http.HttpServletRequest;
+import org.jspecify.annotations.Nullable;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.server.PathContainer;
 import org.springframework.http.server.RequestPath;
@@ -31,6 +31,8 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
+import jakarta.servlet.http.HttpServletRequest;
+
 /**
  * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the
  * registration id from the request, querying a
@@ -76,6 +78,7 @@ public DefaultRelyingPartyRegistrationResolver(
 	 * {@inheritDoc}
 	 */
 	@Override
+	@Nullable
 	public RelyingPartyRegistration convert(HttpServletRequest request) {
 		return resolve(request, null);
 	}
@@ -84,7 +87,9 @@ public RelyingPartyRegistration convert(HttpServletRequest request) {
 	 * {@inheritDoc}
 	 */
 	@Override
-	public RelyingPartyRegistration resolve(HttpServletRequest request, String relyingPartyRegistrationId) {
+	@Nullable
+	public RelyingPartyRegistration resolve(HttpServletRequest request, 
+			@Nullable String relyingPartyRegistrationId) {
 		if (relyingPartyRegistrationId == null) {
 			if (this.logger.isTraceEnabled()) {
 				this.logger.trace("Attempting to resolve from " + this.registrationRequestMatcher
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
+import org.jspecify.annotations.Nullable;
+import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 
-import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
-
 /**
  * A {@link Saml2AuthenticationRequestRepository} implementation that uses
  * {@link HttpSession} to store and retrieve the
@@ -40,6 +41,7 @@ public class HttpSessionSaml2AuthenticationRequestRepository
 	private String saml2AuthnRequestAttributeName = DEFAULT_SAML2_AUTHN_REQUEST_ATTR_NAME;
 
 	@Override
+	@Nullable
 	public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
 		HttpSession httpSession = request.getSession(false);
 		if (httpSession == null) {
@@ -49,7 +51,7 @@ public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletR
 	}
 
 	@Override
-	public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest,
+	public void saveAuthenticationRequest(@Nullable AbstractSaml2AuthenticationRequest authenticationRequest,
 			HttpServletRequest request, HttpServletResponse response) {
 		if (authenticationRequest == null) {
 			removeAuthenticationRequest(request, response);
@@ -60,6 +62,7 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent
 	}
 
 	@Override
+	@Nullable
 	public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
 			HttpServletResponse response) {
 		AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(request);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java
@@ -16,11 +16,12 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
+import org.jspecify.annotations.Nullable;
+import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
-import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
-
 /**
  * A repository for {@link AbstractSaml2AuthenticationRequest}
  *
@@ -36,6 +37,7 @@ public interface Saml2AuthenticationRequestRepository<T extends AbstractSaml2Aut
 	 * @return the {@link AbstractSaml2AuthenticationRequest} or {@code null} if it is not
 	 * present
 	 */
+	@Nullable
 	T loadAuthenticationRequest(HttpServletRequest request);
 
 	/**
@@ -45,7 +47,7 @@ public interface Saml2AuthenticationRequestRepository<T extends AbstractSaml2Aut
 	 * @param request the current request
 	 * @param response the current response
 	 */
-	void saveAuthenticationRequest(T authenticationRequest, HttpServletRequest request, HttpServletResponse response);
+	void saveAuthenticationRequest(@Nullable T authenticationRequest, HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Removes the authentication request using the {@link HttpServletRequest} and
@@ -55,6 +57,7 @@ public interface Saml2AuthenticationRequestRepository<T extends AbstractSaml2Aut
 	 * @return the removed {@link AbstractSaml2AuthenticationRequest} or {@code null} if
 	 * it is not present
 	 */
+	@Nullable
 	T removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response);
 
 }
