Remove BeanResolver Null Checks

StandardEvaluationContext.setBeanResolver now accepts a nullable
BeanResolver, so the workarounds added for the original limitation
are no longer needed. This removes the explicit null guards (and
equivalent Optional.ofNullable idiom) as well as the
@SuppressWarnings("NullAway") annotations introduced to silence
the false positives.

In addition to the seven sites that explicitly referenced
spring-projects/spring-framework#35371, two sites in
spring-security-core followed the same workaround pattern without
the comment marker (AbstractSecurityExpressionHandler and
DefaultMethodSecurityExpressionHandler) and have also been
simplified.

Closes gh-17816

Signed-off-by: Kim Tae Eun <snowykte0426@naver.com>

Author: snowykte0426

core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java

@@ -78,9 +78,7 @@ public final void setExpressionParser(ExpressionParser expressionParser) {
 	public final EvaluationContext createEvaluationContext(@Nullable Authentication authentication, T invocation) {
 		SecurityExpressionOperations root = createSecurityExpressionRoot(authentication, invocation);
 		StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
-		if (this.beanResolver != null) {
-			ctx.setBeanResolver(this.beanResolver);
-		}
+		ctx.setBeanResolver(this.beanResolver);
 		ctx.setRootObject(root);
 		return ctx;
 	}

core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java

@@ -23,7 +23,6 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.function.Supplier;
 import java.util.stream.Stream;
 
@@ -95,7 +94,7 @@ public EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Au
 		MethodSecurityExpressionOperations root = createSecurityExpressionRoot(authentication, mi);
 		MethodSecurityEvaluationContext ctx = new MethodSecurityEvaluationContext(root, mi,
 				getParameterNameDiscoverer());
-		Optional.ofNullable(getBeanResolver()).ifPresent(ctx::setBeanResolver);
+		ctx.setBeanResolver(getBeanResolver());
 		return ctx;
 	}
 

messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java

@@ -20,7 +20,6 @@
 
 import org.jspecify.annotations.Nullable;
 
-import org.springframework.expression.BeanResolver;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.messaging.Message;
@@ -47,11 +46,7 @@ public EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Au
 			Message<T> message) {
 		MessageSecurityExpressionRoot<T> root = createSecurityExpressionRoot(authentication, message);
 		StandardEvaluationContext ctx = new StandardEvaluationContext(root);
-		BeanResolver beanResolver = getBeanResolver();
-		if (beanResolver != null) {
-			// https://github.com/spring-projects/spring-framework/issues/35371
-			ctx.setBeanResolver(beanResolver);
-		}
+		ctx.setBeanResolver(getBeanResolver());
 		return ctx;
 	}
 

messaging/src/main/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolver.java

@@ -175,10 +175,7 @@ public Mono<Object> resolveArgument(MethodParameter parameter, Message<?> messag
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(securityContext);
 			context.setVariable("this", securityContext);
-			if (this.beanResolver != null) {
-				// https://github.com/spring-projects/spring-framework/issues/35371
-				context.setBeanResolver(this.beanResolver);
-			}
+			context.setBeanResolver(this.beanResolver);
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			securityContext = expression.getValue(context);
 		}

web/src/main/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandler.java

@@ -48,7 +48,6 @@ public class DefaultHttpSecurityExpressionHandler extends AbstractSecurityExpres
 	private String defaultRolePrefix = DEFAULT_ROLE_PREFIX;
 
 	@Override
-	@SuppressWarnings("NullAway") // https://github.com/spring-projects/spring-framework/issues/35371
 	public EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication,
 			RequestAuthorizationContext context) {
 		WebSecurityExpressionRoot root = createSecurityExpressionRoot(authentication, context);

web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java

@@ -126,10 +126,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(principal);
 			context.setVariable("this", principal);
-			// https://github.com/spring-projects/spring-framework/issues/35371
-			if (this.beanResolver != null) {
-				context.setBeanResolver(this.beanResolver);
-			}
+			context.setBeanResolver(this.beanResolver);
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
 		}

web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java

@@ -160,10 +160,7 @@ public void setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDef
 			StandardEvaluationContext context = new StandardEvaluationContext();
 			context.setRootObject(securityContext);
 			context.setVariable("this", securityContext);
-			// https://github.com/spring-projects/spring-framework/issues/35371
-			if (this.beanResolver != null) {
-				context.setBeanResolver(this.beanResolver);
-			}
+			context.setBeanResolver(this.beanResolver);
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			securityContextResult = expression.getValue(context);
 		}

web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java

@@ -95,7 +95,6 @@ public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bi
 			});
 	}
 
-	@SuppressWarnings("NullAway") // https://github.com/spring-projects/spring-framework/issues/35371
 	private @Nullable Object resolvePrincipal(MethodParameter parameter, @Nullable Object principal) {
 		AuthenticationPrincipal annotation = findMethodAnnotation(parameter);
 		if (annotation == null) {

web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java

@@ -141,7 +141,6 @@ public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bi
 		return securityContext;
 	}
 
-	@SuppressWarnings("NullAway") // https://github.com/spring-projects/spring-framework/issues/35371
 	private @Nullable Object resolveSecurityContextFromAnnotation(CurrentSecurityContext annotation,
 			MethodParameter parameter, Object securityContext) {
 		Object securityContextResult = securityContext;