Feature/added j specify nullity check in saml2 service provider

saml2/package-info.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Core Spring Security SAML 2.0 abstractions.
+ */
+@NullMarked
+package org.springframework.security.saml2;
+
+import org.jspecify.annotations.NullMarked;

saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle

@@ -1,6 +1,4 @@
 plugins {
-	id 'compile-warnings-error'
-	id 'javadoc-warnings-error'
 	id 'security-nullability'
 }
 
@@ -138,6 +136,10 @@ javadoc {
 	source = sourceSets.main.allJava + sourceSets.opensaml5Main.allJava
 }
 
+tasks.named("compileJava") {
+	options.nullability.checking = "main"
+}
+
 tasks.named("compileOpensaml5MainJava") {
 	options.nullability.checking = "main"
 }

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/package-info.java

@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 /**
- * Core SAML2 types and utilities.
+ * Core Spring Security SAML 2.0 abstractions.
  */
 @NullMarked
 package org.springframework.security.saml2.core;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/internal/package-info.java

@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 /**
- * Internal utilities for SAML2 support (not for public use).
+ * Core Spring Security SAML 2.0 abstractions.
  */
 @NullMarked
 package org.springframework.security.saml2.internal;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/.LCKpackage-info.java~

@@ -0,0 +1 @@
+/home/soumik-sarker/spring-security/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson/package-info.java

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java

@@ -20,8 +20,7 @@
 import java.util.List;
 import java.util.Map;
 
-import org.jspecify.annotations.NullUnmarked;
-
+import org.jspecify.annotations.Nullable;
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.util.CollectionUtils;
@@ -76,6 +75,7 @@ default Map<String, List<Object>> getAttributes() {
 	 * @return the {@link RelyingPartyRegistration} identifier
 	 * @since 5.6
 	 */
+	@Nullable	
 	default String getRelyingPartyRegistrationId() {
 		return null;
 	}

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/package-info.java

@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 /**
- * Internal utilities for SAML2 support (not for public use).
+ * Core Spring Security SAML 2.0 abstractions.
  */
 @NullMarked
 package org.springframework.security.saml2.provider.service.authentication.logout;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/package-info.java

@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 /**
- * Internal utilities for SAML2 support (not for public use).
+ * Core Spring Security SAML 2.0 abstractions.
  */
 @NullMarked
 package org.springframework.security.saml2.provider.service.authentication;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/package-info.java

@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 /**
- * Internal utilities for SAML2 support (not for public use).
+ * Core Spring Security SAML 2.0 abstractions.
  */
 @NullMarked
 package org.springframework.security.saml2.provider.service.metadata;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/package-info.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Core Spring Security SAML 2.0 abstractions.
+ */
+@NullMarked
+package org.springframework.security.saml2.provider.service;
+
+import org.jspecify.annotations.NullMarked;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/BaseOpenSamlAssertingPartyMetadataRepository.java

@@ -31,7 +31,7 @@
 import org.opensaml.saml.metadata.resolver.index.impl.RoleMetadataIndex;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-
+import org.springframework.lang.NonNull;
 import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.util.Assert;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/package-info.java

@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 /**
- * Internal utilities for SAML2 support (not for public use).
+ * Core Spring Security SAML 2.0 abstractions.
  */
 @NullMarked
 package org.springframework.security.saml2.provider.service.registration;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java

@@ -16,15 +16,10 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
-import java.util.Objects;
-
-import jakarta.servlet.http.HttpServletRequest;
-import org.jspecify.annotations.Nullable;
-import org.opensaml.core.xml.schema.XSString;
-import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.saml.saml2.core.Response;
-
 import org.springframework.http.HttpMethod;
+
+import org.jspecify.annotations.Nullable;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
@@ -35,11 +30,12 @@
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 import org.springframework.security.web.authentication.AuthenticationConverter;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+import jakarta.servlet.http.HttpServletRequest;
 
 final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationConverter {
 
@@ -96,8 +92,14 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 	 * @throws Saml2AuthenticationException if the {@link RequestMatcher} specifies a
 	 * non-existent {@code registrationId}
 	 */
+
 	@Override
+<<<<<<< HEAD
 	public @Nullable Saml2AuthenticationToken convert(HttpServletRequest request) {
+=======
+	@Nullable
+	public Saml2AuthenticationToken convert(HttpServletRequest request) {
+>>>>>>> 46ffe65384 (Added nullable)
 		String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		if (serialized == null) {
 			return null;
@@ -115,8 +117,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		}
 		return token;
 	}
-
-	private @Nullable Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) {
+
+	@Nullable
+	private Saml2AuthenticationToken tokenByAuthenticationRequest(HttpServletRequest request) {
 		AbstractSaml2AuthenticationRequest authenticationRequest = this.authenticationRequests
 			.loadAuthenticationRequest(request);
 		if (authenticationRequest == null) {
@@ -129,8 +132,9 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		return tokenByRegistration(request, registration, authenticationRequest);
 	}
-
-	private @Nullable Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request,
+
+	@Nullable
+	private Saml2AuthenticationToken tokenByRegistrationId(HttpServletRequest request,
 			RequestMatcher.MatchResult result) {
 		String registrationId = result.getVariables().get("registrationId");
 		if (registrationId == null) {
@@ -140,21 +144,18 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		return tokenByRegistration(request, registration, null);
 	}
 
-	private @Nullable Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) {
-		String decoded = decode(request);
-		if (decoded == null) {
-			return null;
-		}
-		Response response = this.saml.deserialize(decoded);
-		Issuer issuer = response.getIssuer();
-		Assert.notNull(issuer, "Response#Issuer cannot be null");
-		RelyingPartyRegistration registration = this.registrations.findUniqueByAssertingPartyEntityId(getValue(issuer));
+	@Nullable
+	private Saml2AuthenticationToken tokenByEntityId(HttpServletRequest request) {
+		Response response = this.saml.deserialize(decode(request));
+		String issuer = response.getIssuer().getValue();
+		RelyingPartyRegistration registration = this.registrations.findUniqueByAssertingPartyEntityId(issuer);
 		return tokenByRegistration(request, registration, null);
 	}
 
-	private @Nullable Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request,
-			@Nullable RelyingPartyRegistration registration,
-			@Nullable AbstractSaml2AuthenticationRequest authenticationRequest) {
+	@Nullable
+	private Saml2AuthenticationToken tokenByRegistration(HttpServletRequest request, 
+			@Nullable RelyingPartyRegistration registration, 
+			@Nulable AbstractSaml2AuthenticationRequest authenticationRequest) {
 		if (registration == null) {
 			return null;
 		}
@@ -205,7 +206,8 @@ void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
 		this.shouldConvertGetRequests = shouldConvertGetRequests;
 	}
 
-	private @Nullable String decode(HttpServletRequest request) {
+	@Nullable
+	private String decode(HttpServletRequest request) {
 		String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		boolean isGet = HttpMethod.GET.matches(request.getMethod());
 		if (!this.shouldConvertGetRequests && isGet) {

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java

@@ -16,16 +16,16 @@
 
 package org.springframework.security.saml2.provider.service.web;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import org.jspecify.annotations.Nullable;
-
 import org.springframework.cache.Cache;
 import org.springframework.cache.concurrent.ConcurrentMapCache;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.util.Assert;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
 /**
  * A cache-based {@link Saml2AuthenticationRequestRepository}. This can be handy when you
  * are dropping requests due to using SameSite=Strict and the previous session is lost.
@@ -44,7 +44,8 @@ public final class CacheSaml2AuthenticationRequestRepository
 	private Cache cache = new ConcurrentMapCache("authentication-requests");
 
 	@Override
-	public @Nullable AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
+	@Nullable
+	public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest request) {
 		String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
 		Assert.notNull(relayState, "relayState must not be null");
 		return this.cache.get(relayState, AbstractSaml2AuthenticationRequest.class);
@@ -60,7 +61,8 @@ public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authent
 	}
 
 	@Override
-	public @Nullable AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
+	@Nullable
+	public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request,
 			HttpServletResponse response) {
 		String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
 		Assert.notNull(relayState, "relayState must not be null");

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java

@@ -17,13 +17,11 @@
 package org.springframework.security.saml2.provider.service.web;
 
 import java.util.Map;
-import java.util.Objects;
+import java.util.regex.MatchResult;
 
-import jakarta.servlet.http.HttpServletRequest;
+import org.jspecify.annotations.Nullable;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.jspecify.annotations.Nullable;
-
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.server.PathContainer;
 import org.springframework.http.server.RequestPath;
@@ -33,6 +31,8 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
+import jakarta.servlet.http.HttpServletRequest;
+
 /**
  * A {@link Converter} that resolves a {@link RelyingPartyRegistration} by extracting the
  * registration id from the request, querying a
@@ -78,15 +78,17 @@ public DefaultRelyingPartyRegistrationResolver(
 	 * {@inheritDoc}
 	 */
 	@Override
-	public @Nullable RelyingPartyRegistration convert(HttpServletRequest request) {
+	@Nullable
+	public RelyingPartyRegistration convert(HttpServletRequest request) {
 		return resolve(request, null);
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	@Override
-	public @Nullable RelyingPartyRegistration resolve(HttpServletRequest request,
+	@Nullable
+	public RelyingPartyRegistration resolve(HttpServletRequest request, 
 			@Nullable String relyingPartyRegistrationId) {
 		if (relyingPartyRegistrationId == null) {
 			if (this.logger.isTraceEnabled()) {