From da8eb7d629e9d2e4e53f1f7541599b6001a1c127 Mon Sep 17 00:00:00 2001 From: Soumik Sarker Date: Tue, 18 Nov 2025 00:26:36 +0600 Subject: [PATCH 1/3] Initial commit with package initiation and gradle Signed-off-by: Soumik Sarker --- saml2/package-info.java | 22 +++++++++++++++++++ ...ing-security-saml2-service-provider.gradle | 4 ++++ .../security/saml2/core/package-info.java | 22 +++++++++++++++++++ .../security/saml2/internal/package-info.java | 22 +++++++++++++++++++ .../security/saml2/jackson/package-info.java | 3 +++ .../security/saml2/jackson2/package-info.java | 3 +++ .../authentication/logout/package-info.java | 22 +++++++++++++++++++ .../service/authentication/package-info.java | 22 +++++++++++++++++++ .../service/metadata/package-info.java | 22 +++++++++++++++++++ .../saml2/provider/service/package-info.java | 22 +++++++++++++++++++ .../service/registration/package-info.java | 22 +++++++++++++++++++ .../authentication/logout/package-info.java | 22 +++++++++++++++++++ .../web/authentication/package-info.java | 22 +++++++++++++++++++ .../service/web/metadata/package-info.java | 22 +++++++++++++++++++ .../provider/service/web/package-info.java | 22 +++++++++++++++++++ 15 files changed, 274 insertions(+) create mode 100644 saml2/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/package-info.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/package-info.java diff --git a/saml2/package-info.java b/saml2/package-info.java new file mode 100644 index 00000000000..ec90e68b0c0 --- /dev/null +++ b/saml2/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle b/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle index 140f8a91e78..838325b07e2 100644 --- a/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle +++ b/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle @@ -1,3 +1,7 @@ +plugins { + id 'security-nullability' +} + apply plugin: 'io.spring.convention.spring-module' configurations { diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java new file mode 100644 index 00000000000..c73b842ddf2 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.core; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java new file mode 100644 index 00000000000..0c025f7ac47 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.internal; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java index 061f69b005a..ef6500ed9ae 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java @@ -17,4 +17,7 @@ /** * Jackson 3+ serialization support for SAML2. */ +@NullMarked package org.springframework.security.saml2.jackson; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java index eef3717f173..7a22cf15a0c 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/package-info.java @@ -17,4 +17,7 @@ /** * Jackson 2 serialization support for SAML2. */ +@NullMarked package org.springframework.security.saml2.jackson2; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java new file mode 100644 index 00000000000..5e301b025ac --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service.authentication.logout; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java new file mode 100644 index 00000000000..4ef3798e544 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.authentication; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java new file mode 100644 index 00000000000..18ae781dba0 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service.metadata; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java new file mode 100644 index 00000000000..582f798f1e7 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java new file mode 100644 index 00000000000..0a0bc2a0718 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service.registration; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java new file mode 100644 index 00000000000..c8f45596ba3 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.web.logout; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java new file mode 100644 index 00000000000..f496cea5af1 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.web.authentication; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/package-info.java new file mode 100644 index 00000000000..b282c32ee3f --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml.web.metadata; + +import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/package-info.java new file mode 100644 index 00000000000..ba657c71b9d --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Core Spring Security SAML 2.0 abstractions. + */ +@NullMarked +package org.springframework.security.saml2.provider.service.web; + +import org.jspecify.annotations.NullMarked; From cd51b58437cd2cd098a07f42738e8122120074fd Mon Sep 17 00:00:00 2001 From: Soumik Sarker Date: Tue, 18 Nov 2025 00:33:25 +0600 Subject: [PATCH 2/3] Added jspecifiy nullable 1 Signed-off-by: Soumik Sarker --- .../security/saml2/jackson/.LCKpackage-info.java~ | 1 + .../authentication/Saml2AuthenticatedPrincipal.java | 3 ++- .../provider/service/authentication/package-info.java | 2 +- .../registration/AssertingPartyMetadataRepository.java | 2 +- .../BaseOpenSamlAssertingPartyMetadataRepository.java | 3 +-- .../service/web/authentication/logout/package-info.java | 2 +- .../provider/service/web/authentication/package-info.java | 2 +- .../authentication/OpenSaml5AuthenticationProvider.java | 2 +- .../OpenSaml5AssertingPartyMetadataRepository.java | 6 +++--- .../authentication/TestCustomOpenSaml5Objects.java | 8 ++++---- 10 files changed, 16 insertions(+), 15 deletions(-) create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ new file mode 100644 index 00000000000..25359e7b23f --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ @@ -0,0 +1 @@ +/home/soumik-sarker/spring-security/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java \ No newline at end of file diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java index 6bd87e6d532..a2db6500f0c 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java @@ -20,7 +20,7 @@ import java.util.List; import java.util.Map; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; import org.springframework.security.core.AuthenticatedPrincipal; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.util.CollectionUtils; @@ -76,6 +76,7 @@ default Map> getAttributes() { * @return the {@link RelyingPartyRegistration} identifier * @since 5.6 */ + @Nullable default String getRelyingPartyRegistrationId() { return null; } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java index 4ef3798e544..568b5ebf8ab 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java @@ -17,6 +17,6 @@ * Core Spring Security SAML 2.0 abstractions. */ @NullMarked -package org.springframework.security.saml2.authentication; +package org.springframework.security.saml2.provider.service.authentication; import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java index 0b2f15ac4ae..0e9722fc1ec 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadataRepository.java @@ -16,7 +16,7 @@ package org.springframework.security.saml2.provider.service.registration; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; /** * A repository for retrieving SAML 2.0 Asserting Party Metadata diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java index 48fb75a3d34..686aa3cc1a9 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java @@ -20,6 +20,7 @@ import java.util.Set; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.saml.criterion.EntityRoleCriterion; import org.opensaml.saml.metadata.IterableMetadataSource; @@ -30,9 +31,7 @@ import org.opensaml.saml.metadata.resolver.index.impl.RoleMetadataIndex; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; - import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; import org.springframework.security.saml2.Saml2Exception; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.util.Assert; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java index c8f45596ba3..7eb974246f4 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/package-info.java @@ -17,6 +17,6 @@ * Core Spring Security SAML 2.0 abstractions. */ @NullMarked -package org.springframework.security.saml2.web.logout; +package org.springframework.security.saml2.provider.service.web.authentication.logout; import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java index f496cea5af1..4f9f5f98874 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/package-info.java @@ -17,6 +17,6 @@ * Core Spring Security SAML 2.0 abstractions. */ @NullMarked -package org.springframework.security.saml2.web.authentication; +package org.springframework.security.saml2.provider.service.web.authentication; import org.jspecify.annotations.NullMarked; diff --git a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java index ba7db2718a2..c4de05e4e20 100644 --- a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java +++ b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java @@ -53,7 +53,7 @@ import org.springframework.core.convert.converter.Converter; import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; +import org.jspecify.annotations.Nullable; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.core.Authentication; diff --git a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepository.java b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepository.java index a69e7bb7093..c65a9b2bd55 100644 --- a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepository.java +++ b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepository.java @@ -26,7 +26,7 @@ import java.util.Iterator; import java.util.function.Consumer; -import net.shibboleth.shared.resolver.CriteriaSet; +import org.jspecify.annotations.Nullable; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.saml.criterion.EntityRoleCriterion; @@ -41,17 +41,17 @@ import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap; import org.opensaml.xmlsec.signature.support.SignatureTrustEngine; import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine; - import org.springframework.core.io.DefaultResourceLoader; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; import org.springframework.security.saml2.Saml2Exception; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.security.saml2.provider.service.registration.BaseOpenSamlAssertingPartyMetadataRepository.MetadataResolverAdapter; import org.springframework.util.Assert; +import net.shibboleth.shared.resolver.CriteriaSet; + /** * An implementation of {@link AssertingPartyMetadataRepository} that uses a * {@link MetadataResolver} to retrieve {@link AssertingPartyMetadata} instances. diff --git a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/TestCustomOpenSaml5Objects.java b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/TestCustomOpenSaml5Objects.java index 0ae156d86f9..5987e14bc6a 100644 --- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/TestCustomOpenSaml5Objects.java +++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/TestCustomOpenSaml5Objects.java @@ -21,7 +21,7 @@ import javax.xml.namespace.QName; -import net.shibboleth.shared.xml.ElementSupport; +import org.jspecify.annotations.Nullable; import org.opensaml.core.xml.AbstractXMLObject; import org.opensaml.core.xml.AbstractXMLObjectBuilder; import org.opensaml.core.xml.ElementExtensibleXMLObject; @@ -36,11 +36,11 @@ import org.opensaml.core.xml.util.IndexedXMLObjectChildrenList; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.core.AttributeValue; -import org.w3c.dom.Element; - import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; import org.springframework.security.saml2.core.OpenSamlInitializationService; +import org.w3c.dom.Element; + +import net.shibboleth.shared.xml.ElementSupport; public final class TestCustomOpenSaml5Objects { From 46ffe65384e90743b744ce1a86522f828a123d7e Mon Sep 17 00:00:00 2001 From: Soumik Sarker Date: Wed, 19 Nov 2025 00:41:16 +0600 Subject: [PATCH 3/3] Added nullable --- .../saml2/jackson/.LCKpackage-info.java~ | 1 - ...eOpenSamlAuthenticationTokenConverter.java | 23 +++++++++++++------ ...eSaml2AuthenticationRequestRepository.java | 9 +++++--- ...faultRelyingPartyRegistrationResolver.java | 11 ++++++--- ...nSaml2AuthenticationRequestRepository.java | 9 +++++--- .../Saml2AuthenticationRequestRepository.java | 9 +++++--- 6 files changed, 42 insertions(+), 20 deletions(-) delete mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ deleted file mode 100644 index 25359e7b23f..00000000000 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~ +++ /dev/null @@ -1 +0,0 @@ -/home/soumik-sarker/spring-security/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java \ No newline at end of file diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java index 35f3d6e36f1..51960100127 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java @@ -16,10 +16,10 @@ package org.springframework.security.saml2.provider.service.web; -import jakarta.servlet.http.HttpServletRequest; import org.opensaml.saml.saml2.core.Response; - import org.springframework.http.HttpMethod; + +import org.jspecify.annotations.Nullable; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.security.saml2.core.Saml2Error; import org.springframework.security.saml2.core.Saml2ParameterNames; @@ -30,11 +30,12 @@ import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver; import org.springframework.security.web.authentication.AuthenticationConverter; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; -import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; +import jakarta.servlet.http.HttpServletRequest; final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationConverter { @@ -91,7 +92,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo * @throws Saml2AuthenticationException if the {@link RequestMatcher} specifies a * non-existent {@code registrationId} */ + @Override + @Nullable public Saml2AuthenticationToken convert(HttpServletRequest request) { String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE); if (serialized == null) { @@ -110,7 +113,8 @@ public Saml2AuthenticationToken convert(HttpServletRequest request) { } return token; } - + + @Nullable private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) { AbstractSaml2AuthenticationRequest authenticationRequest = this.authenticationRequests .loadAuthenticationRequest(request); @@ -121,7 +125,8 @@ private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId); return tokenByRegistration(request, registration, authenticationRequest); } - + + @Nullable private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request, RequestMatcher.MatchResult result) { String registrationId = result.getVariables().get("registrationId"); @@ -132,6 +137,7 @@ private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest reques return tokenByRegistration(request, registration, null); } + @Nullable private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) { Response response = this.saml.deserialize(decode(request)); String issuer = response.getIssuer().getValue(); @@ -139,8 +145,10 @@ private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) { return tokenByRegistration(request, registration, null); } - private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, - RelyingPartyRegistration registration, AbstractSaml2AuthenticationRequest authenticationRequest) { + @Nullable + private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, + @Nullable RelyingPartyRegistration registration, + @Nulable AbstractSaml2AuthenticationRequest authenticationRequest) { if (registration == null) { return null; } @@ -178,6 +186,7 @@ void setShouldConvertGetRequests(boolean shouldConvertGetRequests) { this.shouldConvertGetRequests = shouldConvertGetRequests; } + @Nullable private String decode(HttpServletRequest request) { String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE); boolean isGet = HttpMethod.GET.matches(request.getMethod()); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java index 675103c029c..16c38905f36 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java @@ -16,15 +16,16 @@ package org.springframework.security.saml2.provider.service.web; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; - +import org.jspecify.annotations.Nullable; import org.springframework.cache.Cache; import org.springframework.cache.concurrent.ConcurrentMapCache; import org.springframework.security.saml2.core.Saml2ParameterNames; import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; import org.springframework.util.Assert; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + /** * A cache-based {@link Saml2AuthenticationRequestRepository}. This can be handy when you * are dropping requests due to using SameSite=Strict and the previous session is lost. @@ -43,6 +44,7 @@ public final class CacheSaml2AuthenticationRequestRepository private Cache cache = new ConcurrentMapCache("authentication-requests"); @Override + @Nullable public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) { String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE); Assert.notNull(relayState, "relayState must not be null"); @@ -58,6 +60,7 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent } @Override + @Nullable public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response) { String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java index 654d58dc389..cef1d9fde05 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java @@ -17,11 +17,11 @@ package org.springframework.security.saml2.provider.service.web; import java.util.Map; +import java.util.regex.MatchResult; -import jakarta.servlet.http.HttpServletRequest; +import org.jspecify.annotations.Nullable; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - import org.springframework.core.convert.converter.Converter; import org.springframework.http.server.PathContainer; import org.springframework.http.server.RequestPath; @@ -31,6 +31,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; +import jakarta.servlet.http.HttpServletRequest; + /** * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the * registration id from the request, querying a @@ -76,6 +78,7 @@ public DefaultRelyingPartyRegistrationResolver( * {@inheritDoc} */ @Override + @Nullable public RelyingPartyRegistration convert(HttpServletRequest request) { return resolve(request, null); } @@ -84,7 +87,9 @@ public RelyingPartyRegistration convert(HttpServletRequest request) { * {@inheritDoc} */ @Override - public RelyingPartyRegistration resolve(HttpServletRequest request, String relyingPartyRegistrationId) { + @Nullable + public RelyingPartyRegistration resolve(HttpServletRequest request, + @Nullable String relyingPartyRegistrationId) { if (relyingPartyRegistrationId == null) { if (this.logger.isTraceEnabled()) { this.logger.trace("Attempting to resolve from " + this.registrationRequestMatcher diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java index 6db40c942c5..be5bd700292 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java @@ -16,12 +16,13 @@ package org.springframework.security.saml2.provider.service.web; +import org.jspecify.annotations.Nullable; +import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; + import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpSession; -import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; - /** * A {@link Saml2AuthenticationRequestRepository} implementation that uses * {@link HttpSession} to store and retrieve the @@ -40,6 +41,7 @@ public class HttpSessionSaml2AuthenticationRequestRepository private String saml2AuthnRequestAttributeName = DEFAULT_SAML2_AUTHN_REQUEST_ATTR_NAME; @Override + @Nullable public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) { HttpSession httpSession = request.getSession(false); if (httpSession == null) { @@ -49,7 +51,7 @@ public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletR } @Override - public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest, + public void saveAuthenticationRequest(@Nullable AbstractSaml2AuthenticationRequest authenticationRequest, HttpServletRequest request, HttpServletResponse response) { if (authenticationRequest == null) { removeAuthenticationRequest(request, response); @@ -60,6 +62,7 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent } @Override + @Nullable public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response) { AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(request); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java index 847a5a52a96..f29f375021b 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java @@ -16,11 +16,12 @@ package org.springframework.security.saml2.provider.service.web; +import org.jspecify.annotations.Nullable; +import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; + import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; - /** * A repository for {@link AbstractSaml2AuthenticationRequest} * @@ -36,6 +37,7 @@ public interface Saml2AuthenticationRequestRepository