Added nullable

ronodhirSoumik · ronodhirSoumik · commit b98c72e26d12 · 2026-04-06T01:09:27.000+06:00
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
@@ -16,15 +16,10 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
-import java.util.Objects;
-
-import jakarta.servlet.http.HttpServletRequest;
-import org.jspecify.annotations.Nullable;
-import org.opensaml.core.xml.schema.XSString;
-import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.saml.saml2.core.Response;
-
 import org.springframework.http.HttpMethod;
+
+import org.jspecify.annotations.Nullable;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
@@ -35,11 +30,12 @@
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 import org.springframework.security.web.authentication.AuthenticationConverter;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+import jakarta.servlet.http.HttpServletRequest;
 
 final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationConverter {
 
@@ -96,8 +92,14 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 	 * @throws Saml2AuthenticationException if the {@link RequestMatcher} specifies a
 	 * non-existent {@code registrationId}
 	 */
+	
 	@Override
+<<<<<<< HEAD
 	public @Nullable Saml2AuthenticationToken convert(HttpServletRequest request) {
+=======
+	@Nullable
+	public Saml2AuthenticationToken convert(HttpServletRequest request) {
+>>>>>>> 46ffe65384 (Added nullable)
 		String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		if (serialized == null) {
 			return null;
@@ -115,8 +117,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		}
 		return token;
 	}
-
-	private @Nullable Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) {
+	
+	@Nullable
+	private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) {
 		AbstractSaml2AuthenticationRequest authenticationRequest = this.authenticationRequests
 			.loadAuthenticationRequest(request);
 		if (authenticationRequest == null) {
@@ -129,8 +132,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		return tokenByRegistration(request, registration, authenticationRequest);
 	}
-
-	private @Nullable Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request,
+	
+	@Nullable
+	private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request,
 			RequestMatcher.MatchResult result) {
 		String registrationId = result.getVariables().get("registrationId");
 		if (registrationId == null) {
@@ -140,21 +144,18 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		return tokenByRegistration(request, registration, null);
 	}
 
-	private @Nullable Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) {
-		String decoded = decode(request);
-		if (decoded == null) {
-			return null;
-		}
-		Response response = this.saml.deserialize(decoded);
-		Issuer issuer = response.getIssuer();
-		Assert.notNull(issuer, "Response#Issuer cannot be null");
-		RelyingPartyRegistration registration = this.registrations.findUniqueByAssertingPartyEntityId(getValue(issuer));
+	@Nullable
+	private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) {
+		Response response = this.saml.deserialize(decode(request));
+		String issuer = response.getIssuer().getValue();
+		RelyingPartyRegistration registration = this.registrations.findUniqueByAssertingPartyEntityId(issuer);
 		return tokenByRegistration(request, registration, null);
 	}
 
-	private @Nullable Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request,
-			@Nullable RelyingPartyRegistration registration,
-			@Nullable AbstractSaml2AuthenticationRequest authenticationRequest) {
+	@Nullable
+	private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, 
+			@Nullable RelyingPartyRegistration registration, 
+			@Nulable AbstractSaml2AuthenticationRequest authenticationRequest) {
 		if (registration == null) {
 			return null;
 		}
@@ -205,7 +206,8 @@ void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
 		this.shouldConvertGetRequests = shouldConvertGetRequests;
 	}
 
-	private @Nullable String decode(HttpServletRequest request) {
+	@Nullable
+	private String decode(HttpServletRequest request) {
 		String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		boolean isGet = HttpMethod.GET.matches(request.getMethod());
 		if (!this.shouldConvertGetRequests && isGet) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java
@@ -16,16 +16,16 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import org.jspecify.annotations.Nullable;
-
 import org.springframework.cache.Cache;
 import org.springframework.cache.concurrent.ConcurrentMapCache;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.util.Assert;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
 /**
  * A cache-based {@link Saml2AuthenticationRequestRepository}. This can be handy when you
  * are dropping requests due to using SameSite=Strict and the previous session is lost.
@@ -44,7 +44,8 @@ public final class CacheSaml2AuthenticationRequestRepository
 	private Cache cache = new ConcurrentMapCache("authentication-requests");
 
 	@Override
-	public @Nullable AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
+	@Nullable
+	public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
 		String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
 		Assert.notNull(relayState, "relayState must not be null");
 		return this.cache.get(relayState, AbstractSaml2AuthenticationRequest.class);
@@ -60,7 +61,8 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent
 	}
 
 	@Override
-	public @Nullable AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
+	@Nullable
+	public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
 			HttpServletResponse response) {
 		String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
 		Assert.notNull(relayState, "relayState must not be null");
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java
@@ -17,13 +17,11 @@
 package org.springframework.security.saml2.provider.service.web;
 
 import java.util.Map;
-import java.util.Objects;
+import java.util.regex.MatchResult;
 
-import jakarta.servlet.http.HttpServletRequest;
+import org.jspecify.annotations.Nullable;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.jspecify.annotations.Nullable;
-
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.server.PathContainer;
 import org.springframework.http.server.RequestPath;
@@ -33,6 +31,8 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
+import jakarta.servlet.http.HttpServletRequest;
+
 /**
  * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the
  * registration id from the request, querying a
@@ -78,15 +78,17 @@ public DefaultRelyingPartyRegistrationResolver(
 	 * {@inheritDoc}
 	 */
 	@Override
-	public @Nullable RelyingPartyRegistration convert(HttpServletRequest request) {
+	@Nullable
+	public RelyingPartyRegistration convert(HttpServletRequest request) {
 		return resolve(request, null);
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	@Override
-	public @Nullable RelyingPartyRegistration resolve(HttpServletRequest request,
+	@Nullable
+	public RelyingPartyRegistration resolve(HttpServletRequest request, 
 			@Nullable String relyingPartyRegistrationId) {
 		if (relyingPartyRegistrationId == null) {
 			if (this.logger.isTraceEnabled()) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java
@@ -16,13 +16,14 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
+import org.jspecify.annotations.Nullable;
+import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import org.jspecify.annotations.Nullable;
 
-import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
-
 /**
  * A {@link Saml2AuthenticationRequestRepository} implementation that uses
  * {@link HttpSession} to store and retrieve the
@@ -41,7 +42,8 @@ public class HttpSessionSaml2AuthenticationRequestRepository
 	private String saml2AuthnRequestAttributeName = DEFAULT_SAML2_AUTHN_REQUEST_ATTR_NAME;
 
 	@Override
-	public @Nullable AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
+	@Nullable
+	public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
 		HttpSession httpSession = request.getSession(false);
 		if (httpSession == null) {
 			return null;
@@ -50,7 +52,7 @@ public class HttpSessionSaml2AuthenticationRequestRepository
 	}
 
 	@Override
-	public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest,
+	public void saveAuthenticationRequest(@Nullable AbstractSaml2AuthenticationRequest authenticationRequest,
 			HttpServletRequest request, HttpServletResponse response) {
 		if (authenticationRequest == null) {
 			removeAuthenticationRequest(request, response);
@@ -61,7 +63,8 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent
 	}
 
 	@Override
-	public @Nullable AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
+	@Nullable
+	public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
 			HttpServletResponse response) {
 		AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(request);
 		if (authenticationRequest == null) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationRequestRepository.java
@@ -16,12 +16,13 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
+import org.jspecify.annotations.Nullable;
+import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.jspecify.annotations.Nullable;
 
-import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
-
 /**
  * A repository for {@link AbstractSaml2AuthenticationRequest}
  *
@@ -37,7 +38,8 @@ public interface Saml2AuthenticationRequestRepository<T extends AbstractSaml2Aut
 	 * @return the {@link AbstractSaml2AuthenticationRequest} or {@code null} if it is not
 	 * present
 	 */
-	@Nullable T loadAuthenticationRequest(HttpServletRequest request);
+	@Nullable
+	T loadAuthenticationRequest(HttpServletRequest request);
 
 	/**
 	 * Saves the current authentication request using the {@link HttpServletRequest} and
@@ -46,7 +48,7 @@ public interface Saml2AuthenticationRequestRepository<T extends AbstractSaml2Aut
 	 * @param request the current request
 	 * @param response the current response
 	 */
-	void saveAuthenticationRequest(T authenticationRequest, HttpServletRequest request, HttpServletResponse response);
+	void saveAuthenticationRequest(@Nullable T authenticationRequest, HttpServletRequest request, HttpServletResponse response);
 
 	/**
 	 * Removes the authentication request using the {@link HttpServletRequest} and
@@ -56,6 +58,7 @@ public interface Saml2AuthenticationRequestRepository<T extends AbstractSaml2Aut
 	 * @return the removed {@link AbstractSaml2AuthenticationRequest} or {@code null} if
 	 * it is not present
 	 */
-	@Nullable T removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response);
+	@Nullable
+	T removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response);
 
 }
