Add nullability annotations to module/spring-boot-security

See gh-46587

Author: mhalbritter

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/reactive/EndpointRequest.java

@@ -27,6 +27,7 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.jspecify.annotations.Nullable;
 import reactor.core.publisher.Mono;
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
@@ -157,9 +158,9 @@ public static AdditionalPathsEndpointServerWebExchangeMatcher toAdditionalPaths(
 	 */
 	private abstract static class AbstractWebExchangeMatcher<C> extends ApplicationContextServerWebExchangeMatcher<C> {
 
-		private volatile ServerWebExchangeMatcher delegate;
+		private volatile @Nullable ServerWebExchangeMatcher delegate;
 
-		private volatile ManagementPortType managementPortType;
+		private volatile @Nullable ManagementPortType managementPortType;
 
 		AbstractWebExchangeMatcher(Class<? extends C> contextClass) {
 			super(contextClass);
@@ -181,49 +182,59 @@ private ServerWebExchangeMatcher createDelegate(Supplier<C> context) {
 
 		protected abstract ServerWebExchangeMatcher createDelegate(C context);
 
-		protected final List<ServerWebExchangeMatcher> getDelegateMatchers(Set<String> paths, HttpMethod httpMethod) {
+		protected final List<ServerWebExchangeMatcher> getDelegateMatchers(Set<String> paths,
+				@Nullable HttpMethod httpMethod) {
 			return paths.stream()
 				.map((path) -> getDelegateMatcher(path, httpMethod))
 				.collect(Collectors.toCollection(ArrayList::new));
 		}
 
-		private PathPatternParserServerWebExchangeMatcher getDelegateMatcher(String path, HttpMethod httpMethod) {
+		private PathPatternParserServerWebExchangeMatcher getDelegateMatcher(String path,
+				@Nullable HttpMethod httpMethod) {
 			Assert.notNull(path, "'path' must not be null");
 			return new PathPatternParserServerWebExchangeMatcher(path + "/**", httpMethod);
 		}
 
 		@Override
 		protected Mono<MatchResult> matches(ServerWebExchange exchange, Supplier<C> context) {
-			return this.delegate.matches(exchange);
+			ServerWebExchangeMatcher delegate = this.delegate;
+			Assert.state(delegate != null, "'delegate' must not be null");
+			return delegate.matches(exchange);
 		}
 
 		@Override
-		protected boolean ignoreApplicationContext(ApplicationContext applicationContext) {
+		protected boolean ignoreApplicationContext(@Nullable ApplicationContext applicationContext) {
 			ManagementPortType managementPortType = this.managementPortType;
 			if (managementPortType == null) {
+				Assert.state(applicationContext != null, "'applicationContext' must not be null");
 				managementPortType = ManagementPortType.get(applicationContext.getEnvironment());
 				this.managementPortType = managementPortType;
 			}
 			return ignoreApplicationContext(applicationContext, managementPortType);
 		}
 
-		protected boolean ignoreApplicationContext(ApplicationContext applicationContext,
+		protected boolean ignoreApplicationContext(@Nullable ApplicationContext applicationContext,
 				ManagementPortType managementPortType) {
 			return managementPortType == ManagementPortType.DIFFERENT
 					&& !hasWebServerNamespace(applicationContext, WebServerNamespace.MANAGEMENT);
 		}
 
-		protected final boolean hasWebServerNamespace(ApplicationContext applicationContext,
+		protected final boolean hasWebServerNamespace(@Nullable ApplicationContext applicationContext,
 				WebServerNamespace webServerNamespace) {
 			return WebServerApplicationContext.hasServerNamespace(applicationContext, webServerNamespace.getValue())
 					|| hasImplicitServerNamespace(applicationContext, webServerNamespace);
 		}
 
-		private boolean hasImplicitServerNamespace(ApplicationContext applicationContext,
+		private boolean hasImplicitServerNamespace(@Nullable ApplicationContext applicationContext,
 				WebServerNamespace webServerNamespace) {
 			return WebServerNamespace.SERVER.equals(webServerNamespace)
 					&& WebServerApplicationContext.getServerNamespace(applicationContext) == null
-					&& applicationContext.getParent() == null;
+					&& getApplicationContextParent(applicationContext) == null;
+		}
+
+		private @Nullable ApplicationContext getApplicationContextParent(
+				@Nullable ApplicationContext applicationContext) {
+			return (applicationContext != null) ? applicationContext.getParent() : null;
 		}
 
 		protected final String toString(List<Object> endpoints, String emptyValue) {
@@ -266,7 +277,7 @@ public static final class EndpointServerWebExchangeMatcher extends AbstractWebEx
 
 		private final boolean includeLinks;
 
-		private final HttpMethod httpMethod;
+		private final @Nullable HttpMethod httpMethod;
 
 		private EndpointServerWebExchangeMatcher(boolean includeLinks) {
 			this(Collections.emptyList(), Collections.emptyList(), includeLinks, null);
@@ -281,7 +292,7 @@ private EndpointServerWebExchangeMatcher(String[] endpoints, boolean includeLink
 		}
 
 		private EndpointServerWebExchangeMatcher(List<Object> includes, List<Object> excludes, boolean includeLinks,
-				HttpMethod httpMethod) {
+				@Nullable HttpMethod httpMethod) {
 			super(PathMappedEndpoints.class);
 			this.includes = includes;
 			this.excludes = excludes;
@@ -386,7 +397,7 @@ public static class AdditionalPathsEndpointServerWebExchangeMatcher
 
 		private final List<Object> endpoints;
 
-		private final HttpMethod httpMethod;
+		private final @Nullable HttpMethod httpMethod;
 
 		AdditionalPathsEndpointServerWebExchangeMatcher(WebServerNamespace webServerNamespace, String... endpoints) {
 			this(webServerNamespace, Arrays.asList((Object[]) endpoints), null);
@@ -397,7 +408,7 @@ public static class AdditionalPathsEndpointServerWebExchangeMatcher
 		}
 
 		private AdditionalPathsEndpointServerWebExchangeMatcher(WebServerNamespace webServerNamespace,
-				List<Object> endpoints, HttpMethod httpMethod) {
+				List<Object> endpoints, @Nullable HttpMethod httpMethod) {
 			super(PathMappedEndpoints.class);
 			Assert.notNull(webServerNamespace, "'webServerNamespace' must not be null");
 			Assert.notNull(endpoints, "'endpoints' must not be null");
@@ -419,7 +430,7 @@ public AdditionalPathsEndpointServerWebExchangeMatcher withHttpMethod(HttpMethod
 		}
 
 		@Override
-		protected boolean ignoreApplicationContext(ApplicationContext applicationContext,
+		protected boolean ignoreApplicationContext(@Nullable ApplicationContext applicationContext,
 				ManagementPortType managementPortType) {
 			return !hasWebServerNamespace(applicationContext, this.webServerNamespace);
 		}

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/reactive/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Auto-configuration for actuator security using WebFlux.
  */
+@NullMarked
 package org.springframework.boot.security.autoconfigure.actuate.reactive;
+
+import org.jspecify.annotations.NullMarked;

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/servlet/EndpointRequest.java

@@ -28,6 +28,7 @@
 import java.util.stream.Stream;
 
 import jakarta.servlet.http.HttpServletRequest;
+import org.jspecify.annotations.Nullable;
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
@@ -158,9 +159,9 @@ public static AdditionalPathsEndpointRequestMatcher toAdditionalPaths(WebServerN
 	private abstract static class AbstractRequestMatcher
 			extends ApplicationContextRequestMatcher<WebApplicationContext> {
 
-		private volatile RequestMatcher delegate;
+		private volatile @Nullable RequestMatcher delegate;
 
-		private volatile ManagementPortType managementPortType;
+		private volatile @Nullable ManagementPortType managementPortType;
 
 		AbstractRequestMatcher() {
 			super(WebApplicationContext.class);
@@ -202,7 +203,9 @@ protected final void initialized(Supplier<WebApplicationContext> context) {
 
 		@Override
 		protected final boolean matches(HttpServletRequest request, Supplier<WebApplicationContext> context) {
-			return this.delegate.matches(request);
+			RequestMatcher delegate = this.delegate;
+			Assert.state(delegate != null, "'delegate' must not be null");
+			return delegate.matches(request);
 		}
 
 		private RequestMatcher createDelegate(WebApplicationContext context) {
@@ -218,7 +221,7 @@ protected abstract RequestMatcher createDelegate(WebApplicationContext context,
 				RequestMatcherFactory requestMatcherFactory);
 
 		protected final List<RequestMatcher> getDelegateMatchers(RequestMatcherFactory requestMatcherFactory,
-				RequestMatcherProvider matcherProvider, Set<String> paths, HttpMethod httpMethod) {
+				RequestMatcherProvider matcherProvider, Set<String> paths, @Nullable HttpMethod httpMethod) {
 			return paths.stream()
 				.map((path) -> requestMatcherFactory.antPath(matcherProvider, httpMethod, path, "/**"))
 				.collect(Collectors.toCollection(ArrayList::new));
@@ -280,7 +283,7 @@ public static final class EndpointRequestMatcher extends AbstractRequestMatcher
 
 		private final boolean includeLinks;
 
-		private final HttpMethod httpMethod;
+		private final @Nullable HttpMethod httpMethod;
 
 		private EndpointRequestMatcher(boolean includeLinks) {
 			this(Collections.emptyList(), Collections.emptyList(), includeLinks, null);
@@ -295,7 +298,7 @@ private EndpointRequestMatcher(String[] endpoints, boolean includeLinks) {
 		}
 
 		private EndpointRequestMatcher(List<Object> includes, List<Object> excludes, boolean includeLinks,
-				HttpMethod httpMethod) {
+				@Nullable HttpMethod httpMethod) {
 			this.includes = includes;
 			this.excludes = excludes;
 			this.includeLinks = includeLinks;
@@ -402,7 +405,7 @@ public static class AdditionalPathsEndpointRequestMatcher extends AbstractReques
 
 		private final List<Object> endpoints;
 
-		private final HttpMethod httpMethod;
+		private final @Nullable HttpMethod httpMethod;
 
 		AdditionalPathsEndpointRequestMatcher(WebServerNamespace webServerNamespace, String... endpoints) {
 			this(webServerNamespace, Arrays.asList((Object[]) endpoints), null);
@@ -413,7 +416,7 @@ public static class AdditionalPathsEndpointRequestMatcher extends AbstractReques
 		}
 
 		private AdditionalPathsEndpointRequestMatcher(WebServerNamespace webServerNamespace, List<Object> endpoints,
-				HttpMethod httpMethod) {
+				@Nullable HttpMethod httpMethod) {
 			Assert.notNull(webServerNamespace, "'webServerNamespace' must not be null");
 			Assert.notNull(endpoints, "'endpoints' must not be null");
 			Assert.notEmpty(endpoints, "'endpoints' must not be empty");
@@ -472,7 +475,8 @@ public String toString() {
 	 */
 	private static final class RequestMatcherFactory {
 
-		RequestMatcher antPath(RequestMatcherProvider matcherProvider, HttpMethod httpMethod, String... parts) {
+		RequestMatcher antPath(RequestMatcherProvider matcherProvider, @Nullable HttpMethod httpMethod,
+				String... parts) {
 			StringBuilder pattern = new StringBuilder();
 			for (String part : parts) {
 				Assert.notNull(part, "'part' must not be null");

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/servlet/PathPatternRequestMatcherProvider.java

@@ -18,6 +18,8 @@
 
 import java.util.function.Function;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -37,7 +39,7 @@ class PathPatternRequestMatcherProvider implements RequestMatcherProvider {
 	}
 
 	@Override
-	public RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod) {
+	public RequestMatcher getRequestMatcher(String pattern, @Nullable HttpMethod httpMethod) {
 		return PathPatternRequestMatcher.withDefaults().matcher(httpMethod, this.pathFactory.apply(pattern));
 	}
 

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/servlet/RequestMatcherProvider.java

@@ -16,6 +16,8 @@
 
 package org.springframework.boot.security.autoconfigure.actuate.servlet;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.http.HttpMethod;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
@@ -37,6 +39,6 @@ public interface RequestMatcherProvider {
 	 * @param httpMethod the http method
 	 * @return a request matcher
 	 */
-	RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod);
+	RequestMatcher getRequestMatcher(String pattern, @Nullable HttpMethod httpMethod);
 
 }

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/servlet/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Auto-configuration for actuator security using Spring MVC.
  */
+@NullMarked
 package org.springframework.boot.security.autoconfigure.actuate.servlet;
+
+import org.jspecify.annotations.NullMarked;

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Auto-configuration for Spring Security.
  */
+@NullMarked
 package org.springframework.boot.security.autoconfigure;
+
+import org.jspecify.annotations.NullMarked;

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/reactive/ReactiveUserDetailsServiceAutoConfiguration.java

@@ -21,6 +21,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.jspecify.annotations.Nullable;
 
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
@@ -88,7 +89,7 @@ private UserDetails getUserDetails(SecurityProperties.User user, String password
 		return User.withUsername(user.getName()).password(password).roles(StringUtils.toStringArray(roles)).build();
 	}
 
-	private String getOrDeducePassword(SecurityProperties.User user, PasswordEncoder encoder) {
+	private String getOrDeducePassword(SecurityProperties.User user, @Nullable PasswordEncoder encoder) {
 		String password = user.getPassword();
 		if (user.isPasswordGenerated()) {
 			logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/reactive/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Auto-configuration for reactive Spring Security.
  */
+@NullMarked
 package org.springframework.boot.security.autoconfigure.reactive;
+
+import org.jspecify.annotations.NullMarked;

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/rsocket/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Auto-configuration for RSocket support in Spring Security.
  */
+@NullMarked
 package org.springframework.boot.security.autoconfigure.rsocket;
+
+import org.jspecify.annotations.NullMarked;