Merge branch 'main' into gh-18461

Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>

Author: rwinch

aspects/spring-security-aspects.gradle

@@ -1,13 +1,16 @@
 apply plugin: 'io.spring.convention.spring-module'
 apply plugin: 'io.freefair.aspectj'
+apply plugin: 'compile-warnings-error'
 
 compileAspectj {
 	sourceCompatibility = "17"
 	targetCompatibility = "17"
+	ajcOptions.compilerArgs += ['-Xlint:ignore']
 }
 compileTestAspectj {
 	sourceCompatibility = "17"
 	targetCompatibility = "17"
+	ajcOptions.compilerArgs += ['-Xlint:ignore']
 }
 
 dependencies {

cas/spring-security-cas.gradle

@@ -1,6 +1,7 @@
 plugins {
 	id 'security-nullability'
 	id 'javadoc-warnings-error'
+	id 'compile-warnings-error'
 }
 
 apply plugin: 'io.spring.convention.spring-module'

cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java

@@ -91,7 +91,8 @@ public final void commence(final HttpServletRequest servletRequest, HttpServletR
 	 */
 	protected String createServiceUrl(HttpServletRequest request, HttpServletResponse response) {
 		return WebUtils.constructServiceUrl(null, response, this.serviceProperties.getService(), null,
-				this.serviceProperties.getArtifactParameter(), this.encodeServiceUrlWithSessionId);
+				this.serviceProperties.getServiceParameter(), this.serviceProperties.getArtifactParameter(),
+				this.encodeServiceUrlWithSessionId);
 	}
 
 	/**

config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java

@@ -20,6 +20,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import org.jspecify.annotations.NullMarked;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
@@ -98,12 +99,14 @@ public void authenticationManagerFactoryWhenCustomAuthoritiesMapperThenUsed() th
 	public void authenticationManagerFactoryWhenCustomUserDetailsContextMapperThenUsed() throws Exception {
 		CustomUserDetailsContextMapperConfig.CONTEXT_MAPPER = new UserDetailsContextMapper() {
 			@Override
+			@NullMarked
 			public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
 					Collection<? extends GrantedAuthority> authorities) {
 				return User.withUsername("other").password("password").roles("USER").build();
 			}
 
 			@Override
+			@NullMarked
 			public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
 			}
 		};

core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java

@@ -38,30 +38,30 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 
 	private static final long serialVersionUID = 1L;
 
-	private final Object credentials;
+	private final @Nullable Object credentials;
 
 	private final Object principal;
 
-	public TestingAuthenticationToken(Object principal, Object credentials) {
+	public TestingAuthenticationToken(Object principal, @Nullable Object credentials) {
 		super((Collection<? extends GrantedAuthority>) null);
 		this.principal = principal;
 		this.credentials = credentials;
 	}
 
-	public TestingAuthenticationToken(Object principal, Object credentials, String... authorities) {
+	public TestingAuthenticationToken(Object principal, @Nullable Object credentials, String... authorities) {
 		this(principal, credentials, AuthorityUtils.createAuthorityList(authorities));
 	}
 
-	public TestingAuthenticationToken(Object principal, Object credentials, GrantedAuthority... authorities) {
+	public TestingAuthenticationToken(Object principal, @Nullable Object credentials, GrantedAuthority... authorities) {
 		this(principal, credentials, Arrays.asList(authorities));
 	}
 
-	public TestingAuthenticationToken(Object principal, Object credentials,
+	public TestingAuthenticationToken(Object principal, @Nullable Object credentials,
 			List<? extends GrantedAuthority> authorities) {
 		this(principal, credentials, (Collection<? extends GrantedAuthority>) authorities);
 	}
 
-	public TestingAuthenticationToken(Object principal, Object credentials,
+	public TestingAuthenticationToken(Object principal, @Nullable Object credentials,
 			Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
 		this.principal = principal;
@@ -76,7 +76,7 @@ protected TestingAuthenticationToken(Builder<?> builder) {
 	}
 
 	@Override
-	public Object getCredentials() {
+	public @Nullable Object getCredentials() {
 		return this.credentials;
 	}
 
@@ -99,7 +99,7 @@ public static class Builder<B extends Builder<B>> extends AbstractAuthentication
 
 		private Object principal;
 
-		private Object credentials;
+		private @Nullable Object credentials;
 
 		protected Builder(TestingAuthenticationToken token) {
 			super(token);
@@ -116,7 +116,6 @@ public B principal(@Nullable Object principal) {
 
 		@Override
 		public B credentials(@Nullable Object credentials) {
-			Assert.notNull(credentials, "credentials cannot be null");
 			this.credentials = credentials;
 			return (B) this;
 		}

core/src/main/java/org/springframework/security/authorization/RequiredFactor.java

@@ -122,7 +122,7 @@ public static class Builder {
 		 * @param authority the authority.
 		 * @return the builder.
 		 */
-		public Builder authority(String authority) {
+		public Builder authority(@Nullable String authority) {
 			this.authority = authority;
 			return this;
 		}
@@ -205,7 +205,7 @@ public Builder x509Authority() {
 		 * @param validDuration the {@link Duration}.
 		 * @return
 		 */
-		public Builder validDuration(Duration validDuration) {
+		public Builder validDuration(@Nullable Duration validDuration) {
 			this.validDuration = validDuration;
 			return this;
 		}

docs/spring-security-docs.gradle

@@ -5,6 +5,7 @@ plugins {
 	id 'security-kotlin'
 	id 'java-toolchain'
 	id 'test-compile-target-jdk25'
+	id 'compile-warnings-error'
 }
 
 apply plugin: 'io.spring.convention.docs'

docs/src/test/kotlin/org/springframework/security/kt/docs/features/authentication/authenticationcompromisedpasswordcheck/CompromisedPasswordCheckerUsage.kt

@@ -15,7 +15,7 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
 import org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
 
 
-class CompromisedPasswordCheckerUsage {
+open class CompromisedPasswordCheckerUsage {
     // tag::configuration[]
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {

docs/src/test/kotlin/org/springframework/security/kt/docs/features/authentication/authenticationpasswordstoragedepgettingstarted/WithDefaultPasswordEncoderUsage.kt

@@ -4,6 +4,8 @@ import org.springframework.security.core.userdetails.User
 import org.springframework.security.core.userdetails.UserDetails
 
 class WithDefaultPasswordEncoderUsage {
+
+    @Suppress("DEPRECATION")
     fun createSingleUser(): UserDetails {
         // tag::createSingleUser[]
         val user = User.withDefaultPasswordEncoder()
@@ -17,6 +19,7 @@ class WithDefaultPasswordEncoderUsage {
         return user
     }
 
+    @Suppress("DEPRECATION")
     fun createMultipleUsers(): List<UserDetails> {
         // tag::createMultipleUsers[]
         val users = User.withDefaultPasswordEncoder()

docs/src/test/kotlin/org/springframework/security/kt/docs/features/authentication/authenticationpasswordstoragedpe/DelegatingPasswordEncoderUsage.kt

@@ -4,10 +4,8 @@ import org.springframework.security.crypto.argon2.Argon2PasswordEncoder
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.factory.PasswordEncoderFactories
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder
-import org.springframework.security.crypto.password.NoOpPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-import org.springframework.security.crypto.password.StandardPasswordEncoder
 import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
 
 class DelegatingPasswordEncoderUsage {
@@ -18,19 +16,20 @@ class DelegatingPasswordEncoderUsage {
         return passwordEncoder
     }
 
+    @Suppress("DEPRECATION")
     fun customDelegatingPasswordEncoder(): PasswordEncoder {
         // tag::createCustomPasswordEncoder[]
         val idForEncode = "bcrypt"
         val encoders: MutableMap<String, PasswordEncoder> = mutableMapOf()
         encoders[idForEncode] = BCryptPasswordEncoder()
-        encoders["noop"] = NoOpPasswordEncoder.getInstance()
+        encoders["noop"] = org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance()
         encoders["pbkdf2"] = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_5()
         encoders["pbkdf2@SpringSecurity_v5_8"] = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8()
         encoders["scrypt"] = SCryptPasswordEncoder.defaultsForSpringSecurity_v4_1()
         encoders["scrypt@SpringSecurity_v5_8"] = SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8()
         encoders["argon2"] = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_2()
         encoders["argon2@SpringSecurity_v5_8"] = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8()
-        encoders["sha256"] = StandardPasswordEncoder()
+        encoders["sha256"] = org.springframework.security.crypto.password.StandardPasswordEncoder()
 
         val passwordEncoder: PasswordEncoder = DelegatingPasswordEncoder(idForEncode, encoders)
         // end::createCustomPasswordEncoder[]