diff --git a/saml2/package-info.java b/saml2/package-info.java new file mode 100644 index 00000000000..ec90e68b0c0 --- /dev/null +++ b/saml2/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle b/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle index 140f8a91e78..838325b07e2 100644 --- a/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle +++ b/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle @@ -1,3 +1,7 @@ +plugins { + id 'security-nullability' +} + apply plugin: 'io.spring.convention.spring-module' configurations { diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java new file mode 100644 index 00000000000..c73b842ddf2 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java 
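Review bot: The new file is created at `saml2/package-info.java`, outside any `src/main/java` source root, while every other package-info in this commit lives under `saml2/saml2-service-provider/src/main/java/...`. If that path is what was committed, the file is presumably never compiled, so `@NullMarked` would not take effect for `org.springframework.security.saml2` and that package stays outside the nullability check. I would move it to `saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/package-info.java`, next to the `core` and `internal` ones.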
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Core Spring Security SAML 2.0 abstractions.
+ */
+@NullMarked
+package org.springframework.security.saml2.core;
+
+import org.jspecify.annotations.NullMarked;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java
new file mode 100644
index 00000000000..0c025f7ac47
--- /dev/null
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java
@@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.internal; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java index 061f69b005a..ef6500ed9ae 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java @@ -17,4 +17,7 @@ /** * Jackson 3+ serialization support for SAML2. */ +@NullMarked package org.springframework.security.saml2.jackson; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java index eef3717f173..7a22cf15a0c 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java 
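Review bot: The Javadoc `Core Spring Security SAML 2.0 abstractions.` is copied unchanged into this `internal` package-info and into the `authentication.logout`, `authentication`, `metadata`, `provider.service` and `registration` ones added later in this commit, so the generated documentation describes six different packages with the same sentence. Each file should state what its own package holds, for example `Internal SAML 2.0 support classes that are not part of the public API.` here. For `internal` in particular the comment is the only place a reader learns the package is not meant to be depended on.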
@@ -17,4 +17,7 @@ /** * Jackson 2 serialization support for SAML2. */ +@NullMarked package org.springframework.security.saml2.jackson2; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java index 6bd87e6d532..a2db6500f0c 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java @@ -20,7 +20,7 @@ import java.util.List; import java.util.Map; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; import org.springframework.security.core.AuthenticatedPrincipal; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.util.CollectionUtils; @@ -76,6 +76,7 @@ default Map> getAttributes() { * @return the {@link RelyingPartyRegistration} identifier * @since 5.6 */ + @Nullable default String getRelyingPartyRegistrationId() { return null; } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java new file mode 100644 index 00000000000..5e301b025ac --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java 
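Review bot: `getRelyingPartyRegistrationId()` is now declared `@Nullable`, but the visible `@return the {@link RelyingPartyRegistration} identifier` line does not say when the value is absent. I would extend it to `@return the {@link RelyingPartyRegistration} identifier, or {@code null} if the principal does not carry one`, because callers in `@NullMarked` code now have to handle that case before using the id to look up a registration. The Javadoc block starts above the hunk, so check it for an existing statement first.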
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Core Spring Security SAML 2.0 abstractions.
+ */
+@NullMarked
+package org.springframework.security.saml2.provider.service.authentication.logout;
+
+import org.jspecify.annotations.NullMarked;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java
new file mode 100644
index 00000000000..568b5ebf8ab
--- /dev/null
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Core Spring Security SAML 2.0 abstractions.
+ */
+@NullMarked
+package org.springframework.security.saml2.provider.service.authentication;
+
+import org.jspecify.annotations.NullMarked;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java
new file mode 100644
index 00000000000..18ae781dba0
--- /dev/null
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Core Spring Security SAML 2.0 abstractions.
+ */
+@NullMarked
+package org.springframework.security.saml2.provider.service.metadata;
+
+import org.jspecify.annotations.NullMarked;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java
new file mode 100644
index 00000000000..582f798f1e7
--- /dev/null
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java
@@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java index 0b2f15ac4ae..0e9722fc1ec 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java @@ -16,7 +16,7 @@ package org.springframework.security.saml2.provider.service.registration; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; /** * A repository for retrieving SAML 2.0 Asserting Party Metadata 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java index 48fb75a3d34..686aa3cc1a9 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java @@ -20,6 +20,7 @@ import java.util.Set; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.saml.criterion.EntityRoleCriterion; import org.opensaml.saml.metadata.IterableMetadataSource; @@ -30,9 +31,7 @@ import org.opensaml.saml.metadata.resolver.index.impl.RoleMetadataIndex; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; - import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; import org.springframework.security.saml2.Saml2Exception; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.util.Assert; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java new file mode 100644 index 00000000000..0a0bc2a0718 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java 
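Review bot: The import block now mixes two annotation families: `@Nullable` moves to `org.jspecify.annotations.Nullable` while `org.springframework.lang.NonNull` is kept. With the package marked `@NullMarked` in this commit, unannotated types are already non-null, so the remaining `@NonNull` uses (outside the hunk) are presumably redundant and the import can be dropped with them. The hunk also deletes the blank line that separated the `org.opensaml` imports from the `org.springframework` group; restore it if the build enforces an import order.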
@@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service.registration; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java index 35f3d6e36f1..51960100127 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java @@ -16,10 +16,10 @@ package org.springframework.security.saml2.provider.service.web; -import jakarta.servlet.http.HttpServletRequest; import org.opensaml.saml.saml2.core.Response; - import org.springframework.http.HttpMethod; + +import org.jspecify.annotations.Nullable; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.security.saml2.core.Saml2Error; import org.springframework.security.saml2.core.Saml2ParameterNames; 
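Review bot: The import block of `BaseOpenSamlAuthenticationTokenConverter` no longer follows a single ordering: `org.jspecify.annotations.Nullable` is placed after `org.springframework.http.HttpMethod` behind a blank line, and the next hunk moves the static `pathPattern` import into the middle of the regular imports and `jakarta.servlet.http.HttpServletRequest` to the end. The same reshuffle appears in `CacheSaml2AuthenticationRequestRepository`, `DefaultRelyingPartyRegistrationResolver`, `HttpSessionSaml2AuthenticationRequestRepository` and `Saml2AuthenticationRequestRepository`. It looks like organise-imports output from an IDE; keeping the previous layout and adding only the `import org.jspecify.annotations.Nullable;` line would limit the diff to the nullability change and avoid import-order check failures, if the build has such a check.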
@@ -30,11 +30,12 @@ import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver; import org.springframework.security.web.authentication.AuthenticationConverter; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; -import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; +import jakarta.servlet.http.HttpServletRequest; final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationConverter { @@ -91,7 +92,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo * @throws Saml2AuthenticationException if the {@link RequestMatcher} specifies a * non-existent {@code registrationId} */ + @Override + @Nullable public Saml2AuthenticationToken convert(HttpServletRequest request) { String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE); if (serialized == null) { @@ -110,7 +113,8 @@ public Saml2AuthenticationToken convert(HttpServletRequest request) { } return token; } - + + @Nullable private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) { AbstractSaml2AuthenticationRequest authenticationRequest = this.authenticationRequests .loadAuthenticationRequest(request); 
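Review bot: An empty line is added between the closing `*/` of the Javadoc and `@Override` on `convert`, and the following hunk, like the first one for `tokenByRegistrationId`, replaces a blank separator line with another blank line, which suggests whitespace-only content was introduced. Drop the added line so the comment sits directly on the method, and strip the whitespace-only changes so the diff shows just the `@Nullable` additions. The visible part of the Javadoc documents only `@throws`; if the block above the hunk has no `@return`, state there that the method returns `null` when the request carries no SAML response.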
@@ -121,7 +125,8 @@ private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId); return tokenByRegistration(request, registration, authenticationRequest); } - + + @Nullable private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request, RequestMatcher.MatchResult result) { String registrationId = result.getVariables().get("registrationId"); @@ -132,6 +137,7 @@ private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest reques return tokenByRegistration(request, registration, null); } + @Nullable private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) { Response response = this.saml.deserialize(decode(request)); String issuer = response.getIssuer().getValue(); @@ -139,8 +145,10 @@ private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) { return tokenByRegistration(request, registration, null); } - private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, - RelyingPartyRegistration registration, AbstractSaml2AuthenticationRequest authenticationRequest) { + @Nullable + private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, + @Nullable RelyingPartyRegistration registration, + @Nulable AbstractSaml2AuthenticationRequest authenticationRequest) { if (registration == null) { return null; } @@ -178,6 +186,7 @@ void setShouldConvertGetRequests(boolean shouldConvertGetRequests) { this.shouldConvertGetRequests = shouldConvertGetRequests; } + @Nullable private String decode(HttpServletRequest request) { String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE); boolean isGet = HttpMethod.GET.matches(request.getMethod()); 
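Review bot: `tokenByEntityId` dereferences `response.getIssuer().getValue()` without a null check, and the `Response` is parsed from the request's `SAMLResponse` parameter, so a response that lacks an `Issuer` element would presumably end in a `NullPointerException` instead of a handled authentication failure. A later hunk also marks `decode` as `@Nullable`, which makes `this.saml.deserialize(decode(request))` pass a possibly-null value; whether `convert` rules that out beforehand is outside the hunk. Since the method is being annotated for nullability anyway, guard both cases, e.g. `if (response.getIssuer() == null) { return null; }`, or raise a `Saml2AuthenticationException` so the rejection is explicit.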
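Review bot: The last parameter of `tokenByRegistration` is annotated `@Nulable`, which is not an imported type, so this file will not compile as written. It should read `@Nullable AbstractSaml2AuthenticationRequest authenticationRequest`. Because the misspelled annotation is on the parameter that callers pass `null` for (`tokenByRegistration(request, registration, null)`), it is worth running the module's nullability check after the fix to confirm the body handles it.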
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java index 675103c029c..16c38905f36 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java @@ -16,15 +16,16 @@ package org.springframework.security.saml2.provider.service.web; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; - +import org.jspecify.annotations.Nullable; import org.springframework.cache.Cache; import org.springframework.cache.concurrent.ConcurrentMapCache; import org.springframework.security.saml2.core.Saml2ParameterNames; import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; import org.springframework.util.Assert; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + /** * A cache-based {@link Saml2AuthenticationRequestRepository}. This can be handy when you * are dropping requests due to using SameSite=Strict and the previous session is lost. @@ -43,6 +44,7 @@ public final class CacheSaml2AuthenticationRequestRepository private Cache cache = new ConcurrentMapCache("authentication-requests"); @Override + @Nullable public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) { String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE); Assert.notNull(relayState, "relayState must not be null"); 
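Review bot: `loadAuthenticationRequest` is now declared `@Nullable`, yet a request without a `RelayState` parameter still reaches `Assert.notNull(relayState, "relayState must not be null")` and throws instead of returning `null`. `RelayState` is read straight from the request, so any client can omit it; `if (relayState == null) { return null; }` would match the new contract and the `HttpSession` implementation, which appears to return `null` when there is no session. The rest of the method body is outside the hunk, and `removeAuthenticationRequest` in the next hunk reads the same parameter, so it needs the same look.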
@@ -58,6 +60,7 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent } @Override + @Nullable public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response) { String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java index 654d58dc389..cef1d9fde05 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java @@ -17,11 +17,11 @@ package org.springframework.security.saml2.provider.service.web; import java.util.Map; +import java.util.regex.MatchResult; -import jakarta.servlet.http.HttpServletRequest; +import org.jspecify.annotations.Nullable; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - import org.springframework.core.convert.converter.Converter; import org.springframework.http.server.PathContainer; import org.springframework.http.server.RequestPath; @@ -31,6 +31,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; +import jakarta.servlet.http.HttpServletRequest; + /** * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the * registration id from the request, querying a @@ -76,6 +78,7 @@ public DefaultRelyingPartyRegistrationResolver( * {@inheritDoc} */ @Override + @Nullable public RelyingPartyRegistration convert(HttpServletRequest request) { return resolve(request, null); } 
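Review bot: The added `import java.util.regex.MatchResult;` in `DefaultRelyingPartyRegistrationResolver` looks unintended: nothing in the visible hunks uses a regex `MatchResult`, and the class already imports `org.springframework.security.web.util.matcher.RequestMatcher`, whose nested `MatchResult` is presumably the type the resolver works with. Besides failing an unused-import check, the import would make any unqualified `MatchResult` in this file resolve to the regex type. Remove it unless code outside the hunks needs it.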
@@ -84,7 +87,9 @@ public RelyingPartyRegistration convert(HttpServletRequest request) { * {@inheritDoc} */ @Override - public RelyingPartyRegistration resolve(HttpServletRequest request, String relyingPartyRegistrationId) { + @Nullable + public RelyingPartyRegistration resolve(HttpServletRequest request, + @Nullable String relyingPartyRegistrationId) { if (relyingPartyRegistrationId == null) { if (this.logger.isTraceEnabled()) { this.logger.trace("Attempting to resolve from " + this.registrationRequestMatcher diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java index 6db40c942c5..be5bd700292 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java @@ -16,12 +16,13 @@ package org.springframework.security.saml2.provider.service.web; +import org.jspecify.annotations.Nullable; +import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; + import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpSession; -import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; - /** * A {@link Saml2AuthenticationRequestRepository} implementation that uses * {@link HttpSession} to store and retrieve the 
@@ -40,6 +41,7 @@ public class HttpSessionSaml2AuthenticationRequestRepository private String saml2AuthnRequestAttributeName = DEFAULT_SAML2_AUTHN_REQUEST_ATTR_NAME; @Override + @Nullable public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) { HttpSession httpSession = request.getSession(false); if (httpSession == null) { @@ -49,7 +51,7 @@ public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletR } @Override - public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest, + public void saveAuthenticationRequest(@Nullable AbstractSaml2AuthenticationRequest authenticationRequest, HttpServletRequest request, HttpServletResponse response) { if (authenticationRequest == null) { removeAuthenticationRequest(request, response); @@ -60,6 +62,7 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent } @Override + @Nullable public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response) { AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(request); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java index 847a5a52a96..f29f375021b 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java 
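Review bot: `saveAuthenticationRequest` here accepts a `@Nullable` request and treats `null` as a removal, but the `CacheSaml2AuthenticationRequestRepository.saveAuthenticationRequest` signature that appears as hunk context earlier in this commit is left unannotated. Under `@NullMarked` the two implementations would then advertise different contracts for the same interface method. Settle the contract on `Saml2AuthenticationRequestRepository` (its hunk is cut off in this view) and annotate both implementations to match; if `null` is allowed, the cache implementation presumably needs a null branch as well.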
@@ -16,11 +16,12 @@ package org.springframework.security.saml2.provider.service.web; +import org.jspecify.annotations.Nullable; +import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; + import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; - /** * A repository for {@link AbstractSaml2AuthenticationRequest} * @@ -36,6 +37,7 @@ public interface Saml2AuthenticationRequestRepository