Add nullability annotations to module/spring-boot-security-saml2

See gh-46587

Author: mhalbritter

module/spring-boot-security-saml2/src/main/java/org/springframework/boot/security/saml2/autoconfigure/Saml2RelyingPartyProperties.java

@@ -21,6 +21,8 @@
 import java.util.List;
 import java.util.Map;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.core.io.Resource;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
@@ -76,7 +78,7 @@ public static class Registration {
 		/**
 		 * Name ID format for a relying party registration.
 		 */
-		private String nameIdFormat;
+		private @Nullable String nameIdFormat;
 
 		public String getEntityId() {
 			return this.entityId;
@@ -106,11 +108,11 @@ public AssertingParty getAssertingparty() {
 			return this.assertingparty;
 		}
 
-		public String getNameIdFormat() {
+		public @Nullable String getNameIdFormat() {
 			return this.nameIdFormat;
 		}
 
-		public void setNameIdFormat(String nameIdFormat) {
+		public void setNameIdFormat(@Nullable String nameIdFormat) {
 			this.nameIdFormat = nameIdFormat;
 		}
 
@@ -166,26 +168,26 @@ public static class Credential {
 				/**
 				 * Private key used for signing.
 				 */
-				private Resource privateKeyLocation;
+				private @Nullable Resource privateKeyLocation;
 
 				/**
 				 * Relying Party X509Certificate shared with the identity provider.
 				 */
-				private Resource certificateLocation;
+				private @Nullable Resource certificateLocation;
 
-				public Resource getPrivateKeyLocation() {
+				public @Nullable Resource getPrivateKeyLocation() {
 					return this.privateKeyLocation;
 				}
 
-				public void setPrivateKeyLocation(Resource privateKey) {
+				public void setPrivateKeyLocation(@Nullable Resource privateKey) {
 					this.privateKeyLocation = privateKey;
 				}
 
-				public Resource getCertificateLocation() {
+				public @Nullable Resource getCertificateLocation() {
 					return this.certificateLocation;
 				}
 
-				public void setCertificateLocation(Resource certificate) {
+				public void setCertificateLocation(@Nullable Resource certificate) {
 					this.certificateLocation = certificate;
 				}
 
@@ -215,26 +217,26 @@ public static class Credential {
 			/**
 			 * Private key used for decrypting.
 			 */
-			private Resource privateKeyLocation;
+			private @Nullable Resource privateKeyLocation;
 
 			/**
 			 * Relying Party X509Certificate shared with the identity provider.
 			 */
-			private Resource certificateLocation;
+			private @Nullable Resource certificateLocation;
 
-			public Resource getPrivateKeyLocation() {
+			public @Nullable Resource getPrivateKeyLocation() {
 				return this.privateKeyLocation;
 			}
 
-			public void setPrivateKeyLocation(Resource privateKey) {
+			public void setPrivateKeyLocation(@Nullable Resource privateKey) {
 				this.privateKeyLocation = privateKey;
 			}
 
-			public Resource getCertificateLocation() {
+			public @Nullable Resource getCertificateLocation() {
 				return this.certificateLocation;
 			}
 
-			public void setCertificateLocation(Resource certificate) {
+			public void setCertificateLocation(@Nullable Resource certificate) {
 				this.certificateLocation = certificate;
 			}
 
@@ -250,32 +252,32 @@ public static class AssertingParty {
 		/**
 		 * Unique identifier for the identity provider.
 		 */
-		private String entityId;
+		private @Nullable String entityId;
 
 		/**
 		 * URI to the metadata endpoint for discovery-based configuration.
 		 */
-		private String metadataUri;
+		private @Nullable String metadataUri;
 
 		private final Singlesignon singlesignon = new Singlesignon();
 
 		private final Verification verification = new Verification();
 
 		private final Singlelogout singlelogout = new Singlelogout();
 
-		public String getEntityId() {
+		public @Nullable String getEntityId() {
 			return this.entityId;
 		}
 
-		public void setEntityId(String entityId) {
+		public void setEntityId(@Nullable String entityId) {
 			this.entityId = entityId;
 		}
 
-		public String getMetadataUri() {
+		public @Nullable String getMetadataUri() {
 			return this.metadataUri;
 		}
 
-		public void setMetadataUri(String metadataUri) {
+		public void setMetadataUri(@Nullable String metadataUri) {
 			this.metadataUri = metadataUri;
 		}
 
@@ -299,43 +301,39 @@ public static class Singlesignon {
 			/**
 			 * Remote endpoint to send authentication requests to.
 			 */
-			private String url;
+			private @Nullable String url;
 
 			/**
 			 * Whether to redirect or post authentication requests.
 			 */
-			private Saml2MessageBinding binding;
+			private @Nullable Saml2MessageBinding binding;
 
 			/**
 			 * Whether to sign authentication requests.
 			 */
-			private Boolean signRequest;
+			private @Nullable Boolean signRequest;
 
-			public String getUrl() {
+			public @Nullable String getUrl() {
 				return this.url;
 			}
 
-			public void setUrl(String url) {
+			public void setUrl(@Nullable String url) {
 				this.url = url;
 			}
 
-			public Saml2MessageBinding getBinding() {
+			public @Nullable Saml2MessageBinding getBinding() {
 				return this.binding;
 			}
 
-			public void setBinding(Saml2MessageBinding binding) {
+			public void setBinding(@Nullable Saml2MessageBinding binding) {
 				this.binding = binding;
 			}
 
-			public boolean isSignRequest() {
-				return this.signRequest;
-			}
-
-			public Boolean getSignRequest() {
+			public @Nullable Boolean getSignRequest() {
 				return this.signRequest;
 			}
 
-			public void setSignRequest(Boolean signRequest) {
+			public void setSignRequest(@Nullable Boolean signRequest) {
 				this.signRequest = signRequest;
 			}
 
@@ -365,13 +363,13 @@ public static class Credential {
 				 * Locations of the X.509 certificate used for verification of incoming
 				 * SAML messages.
 				 */
-				private Resource certificate;
+				private @Nullable Resource certificate;
 
-				public Resource getCertificateLocation() {
+				public @Nullable Resource getCertificateLocation() {
 					return this.certificate;
 				}
 
-				public void setCertificateLocation(Resource certificate) {
+				public void setCertificateLocation(@Nullable Resource certificate) {
 					this.certificate = certificate;
 				}
 
@@ -389,39 +387,39 @@ public static class Singlelogout {
 		/**
 		 * Location where SAML2 LogoutRequest gets sent to.
 		 */
-		private String url;
+		private @Nullable String url;
 
 		/**
 		 * Location where SAML2 LogoutResponse gets sent to.
 		 */
-		private String responseUrl;
+		private @Nullable String responseUrl;
 
 		/**
 		 * Whether to redirect or post logout requests.
 		 */
-		private Saml2MessageBinding binding;
+		private @Nullable Saml2MessageBinding binding;
 
-		public String getUrl() {
+		public @Nullable String getUrl() {
 			return this.url;
 		}
 
-		public void setUrl(String url) {
+		public void setUrl(@Nullable String url) {
 			this.url = url;
 		}
 
-		public String getResponseUrl() {
+		public @Nullable String getResponseUrl() {
 			return this.responseUrl;
 		}
 
-		public void setResponseUrl(String responseUrl) {
+		public void setResponseUrl(@Nullable String responseUrl) {
 			this.responseUrl = responseUrl;
 		}
 
-		public Saml2MessageBinding getBinding() {
+		public @Nullable Saml2MessageBinding getBinding() {
 			return this.binding;
 		}
 
-		public void setBinding(Saml2MessageBinding binding) {
+		public void setBinding(@Nullable Saml2MessageBinding binding) {
 			this.binding = binding;
 		}
 

module/spring-boot-security-saml2/src/main/java/org/springframework/boot/security/saml2/autoconfigure/Saml2RelyingPartyRegistrationConfiguration.java

@@ -25,6 +25,8 @@
 import java.util.Map;
 import java.util.function.Consumer;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.PropertyMapper;
 import org.springframework.boot.security.saml2.autoconfigure.Saml2RelyingPartyProperties.AssertingParty;
@@ -169,11 +171,12 @@ private Saml2X509Credential asVerificationCredential(Verification.Credential pro
 				Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
 	}
 
-	private RSAPrivateKey readPrivateKey(Resource location) {
+	private RSAPrivateKey readPrivateKey(@Nullable Resource location) {
 		Assert.state(location != null, "No private key location specified");
 		Assert.state(location.exists(), () -> "Private key location '" + location + "' does not exist");
 		try (InputStream inputStream = location.getInputStream()) {
 			PemContent pemContent = PemContent.load(inputStream);
+			Assert.state(pemContent != null, "'pemContent' must not be null");
 			PrivateKey privateKey = pemContent.getPrivateKey();
 			Assert.state(privateKey instanceof RSAPrivateKey,
 					() -> "PrivateKey in resource '" + location + "' must be an RSAPrivateKey");
@@ -184,12 +187,14 @@ private RSAPrivateKey readPrivateKey(Resource location) {
 		}
 	}
 
-	private X509Certificate readCertificate(Resource location) {
+	private X509Certificate readCertificate(@Nullable Resource location) {
 		Assert.state(location != null, "No certificate location specified");
 		Assert.state(location.exists(), () -> "Certificate  location '" + location + "' does not exist");
 		try (InputStream inputStream = location.getInputStream()) {
 			PemContent pemContent = PemContent.load(inputStream);
+			Assert.state(pemContent != null, "'pemContent' must not be null");
 			List<X509Certificate> certificates = pemContent.getCertificates();
+			Assert.state(certificates != null, "'certificates' must not be null");
 			return certificates.get(0);
 		}
 		catch (Exception ex) {

module/spring-boot-security-saml2/src/main/java/org/springframework/boot/security/saml2/autoconfigure/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Auto-configuration for Spring Security's SAML 2.0.
  */
+@NullMarked
 package org.springframework.boot.security.saml2.autoconfigure;
+
+import org.jspecify.annotations.NullMarked;