Review nullability of spring-ws-security

See gh-1562

Author: snicoll

spring-ws-security/src/main/java/org/springframework/ws/soap/security/AbstractWsSecurityInterceptor.java

@@ -18,11 +18,13 @@
 
 import java.util.Iterator;
 import java.util.Locale;
+import java.util.Objects;
 
 import javax.xml.namespace.QName;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.jspecify.annotations.Nullable;
 
 import org.springframework.util.Assert;
 import org.springframework.ws.client.WebServiceClientException;
@@ -69,7 +71,7 @@ public abstract class AbstractWsSecurityInterceptor implements SoapEndpointInter
 
 	private boolean skipValidationIfNoHeaderPresent = false;
 
-	private EndpointExceptionResolver exceptionResolver;
+	private @Nullable EndpointExceptionResolver exceptionResolver;
 
 	/**
 	 * Indicates whether server-side incoming request are to be validated. Defaults to
@@ -197,7 +199,7 @@ public boolean handleFault(MessageContext messageContext, Object endpoint) throw
 	}
 
 	@Override
-	public void afterCompletion(MessageContext messageContext, Object endpoint, Exception ex) {
+	public void afterCompletion(MessageContext messageContext, Object endpoint, @Nullable Exception ex) {
 		cleanUp();
 	}
 
@@ -279,7 +281,8 @@ public boolean handleFault(MessageContext messageContext) throws WebServiceClien
 	}
 
 	@Override
-	public void afterCompletion(MessageContext messageContext, Exception ex) throws WebServiceClientException {
+	public void afterCompletion(MessageContext messageContext, @Nullable Exception ex)
+			throws WebServiceClientException {
 		cleanUp();
 	}
 
@@ -320,7 +323,7 @@ protected boolean handleValidationException(WsSecurityValidationException ex, Me
 				this.logger.debug("No exception resolver present, creating basic soap fault");
 			}
 			SoapBody response = ((SoapMessage) messageContext.getResponse()).getSoapBody();
-			response.addClientOrSenderFault(ex.getMessage(), Locale.ENGLISH);
+			response.addClientOrSenderFault(Objects.requireNonNull(ex.getMessage()), Locale.ENGLISH);
 		}
 		return false;
 	}

spring-ws-security/src/main/java/org/springframework/ws/soap/security/WsSecurityException.java

@@ -16,6 +16,8 @@
 
 package org.springframework.ws.soap.security;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.ws.WebServiceException;
 
 /**
@@ -32,7 +34,7 @@ public WsSecurityException(String msg) {
 		super(msg);
 	}
 
-	public WsSecurityException(String msg, Throwable ex) {
+	public WsSecurityException(@Nullable String msg, Throwable ex) {
 		super(msg, ex);
 	}
 

spring-ws-security/src/main/java/org/springframework/ws/soap/security/WsSecuritySecurementException.java

@@ -16,6 +16,8 @@
 
 package org.springframework.ws.soap.security;
 
+import org.jspecify.annotations.Nullable;
+
 /**
  * Exception indicating that something went wrong during the securement of a message.
  * <p>
@@ -33,7 +35,7 @@ public WsSecuritySecurementException(String msg) {
 		super(msg);
 	}
 
-	public WsSecuritySecurementException(String msg, Throwable ex) {
+	public WsSecuritySecurementException(@Nullable String msg, Throwable ex) {
 		super(msg, ex);
 	}
 

spring-ws-security/src/main/java/org/springframework/ws/soap/security/WsSecurityValidationException.java

@@ -16,6 +16,8 @@
 
 package org.springframework.ws.soap.security;
 
+import org.jspecify.annotations.Nullable;
+
 /**
  * Exception indicating that something went wrong during the validation of a message.
  * <p>
@@ -33,7 +35,7 @@ public WsSecurityValidationException(String msg) {
 		super(msg);
 	}
 
-	public WsSecurityValidationException(String msg, Throwable ex) {
+	public WsSecurityValidationException(@Nullable String msg, Throwable ex) {
 		super(msg, ex);
 	}
 

spring-ws-security/src/main/java/org/springframework/ws/soap/security/callback/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Contains generic {@code CallbackHandler} implementations.
  */
+@NullMarked
 package org.springframework.ws.soap.security.callback;
+
+import org.jspecify.annotations.NullMarked;

spring-ws-security/src/main/java/org/springframework/ws/soap/security/package-info.java

@@ -18,4 +18,7 @@
  * Provides WS-Security implementation classes. Contains the
  * {@code AbstractWsSecurityInterceptor} and exceptions.
  */
+@NullMarked
 package org.springframework.ws.soap.security;
+
+import org.jspecify.annotations.NullMarked;

spring-ws-security/src/main/java/org/springframework/ws/soap/security/support/KeyManagersFactoryBean.java

@@ -21,6 +21,8 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.StringUtils;
@@ -38,21 +40,21 @@
  */
 public class KeyManagersFactoryBean implements FactoryBean<KeyManager[]>, InitializingBean {
 
-	private KeyManager[] keyManagers;
+	private KeyManager @Nullable [] keyManagers;
 
-	private KeyStore keyStore;
+	private @Nullable KeyStore keyStore;
 
-	private String algorithm;
+	private @Nullable String algorithm;
 
-	private String provider;
+	private @Nullable String provider;
 
-	private char[] password;
+	private char @Nullable [] password;
 
 	/**
 	 * Sets the password to use for integrity checking. If this property is not set, then
 	 * integrity checking is not performed.
 	 */
-	public void setPassword(String password) {
+	public void setPassword(@Nullable String password) {
 		if (password != null) {
 			this.password = password.toCharArray();
 		}
@@ -84,7 +86,7 @@ public void setKeyStore(KeyStore keyStore) {
 	}
 
 	@Override
-	public KeyManager[] getObject() throws Exception {
+	public KeyManager @Nullable [] getObject() throws Exception {
 		return this.keyManagers;
 	}
 

spring-ws-security/src/main/java/org/springframework/ws/soap/security/support/KeyStoreFactoryBean.java

@@ -23,10 +23,12 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.jspecify.annotations.Nullable;
 
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.io.Resource;
+import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
@@ -45,30 +47,30 @@ public class KeyStoreFactoryBean implements FactoryBean<KeyStore>, InitializingB
 
 	private static final Log logger = LogFactory.getLog(KeyStoreFactoryBean.class);
 
-	private KeyStore keyStore;
+	private @Nullable KeyStore keyStore;
 
-	private String type;
+	private @Nullable String type;
 
-	private String provider;
+	private @Nullable String provider;
 
-	private Resource location;
+	private @Nullable Resource location;
 
-	private char[] password;
+	private char @Nullable [] password;
 
 	/**
 	 * Sets the location of the key store to use. If this is not set, a new, empty key
 	 * store will be used.
 	 * @see KeyStore#load(java.io.InputStream,char[])
 	 */
-	public void setLocation(Resource location) {
+	public void setLocation(@Nullable Resource location) {
 		this.location = location;
 	}
 
 	/**
 	 * Sets the password to use for integrity checking. If this property is not set, then
 	 * integrity checking is not performed.
 	 */
-	public void setPassword(String password) {
+	public void setPassword(@Nullable String password) {
 		if (password != null) {
 			this.password = password.toCharArray();
 		}
@@ -86,12 +88,13 @@ public void setProvider(String provider) {
 	 * used.
 	 * @see KeyStore#getDefaultType()
 	 */
-	public void setType(String type) {
+	public void setType(@Nullable String type) {
 		this.type = type;
 	}
 
 	@Override
 	public KeyStore getObject() {
+		Assert.state(this.keyStore != null, "KeyStore has not been initialized");
 		return this.keyStore;
 	}
 

spring-ws-security/src/main/java/org/springframework/ws/soap/security/support/TrustManagersFactoryBean.java

@@ -21,6 +21,8 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.StringUtils;
@@ -37,13 +39,13 @@
  */
 public class TrustManagersFactoryBean implements FactoryBean<TrustManager[]>, InitializingBean {
 
-	private TrustManager[] trustManagers;
+	private TrustManager @Nullable [] trustManagers;
 
-	private KeyStore keyStore;
+	private @Nullable KeyStore keyStore;
 
-	private String algorithm;
+	private @Nullable String algorithm;
 
-	private String provider;
+	private @Nullable String provider;
 
 	/**
 	 * Sets the provider of the trust manager to use. If this is not set, the default is
@@ -71,7 +73,7 @@ public void setKeyStore(KeyStore keyStore) {
 	}
 
 	@Override
-	public TrustManager[] getObject() throws Exception {
+	public TrustManager @Nullable [] getObject() throws Exception {
 		return this.trustManagers;
 	}
 

spring-ws-security/src/main/java/org/springframework/ws/soap/security/support/package-info.java

@@ -17,4 +17,7 @@
 /**
  * Contains support classes for handling WS-Security messages.
  */
+@NullMarked
 package org.springframework.ws.soap.security.support;
+
+import org.jspecify.annotations.NullMarked;