
Mark targetDomainObject as @Nullable in PermissionEvaluator

Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Andrey Litvitski
2026-02-24 18:56:28 +03:00
committed by Rob Winch
parent d31ca7a758
commit 6d4726bfb7
3 changed files with 7 additions and 3 deletions
@@ -23,6 +23,7 @@ import java.util.Locale;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jspecify.annotations.Nullable;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.PermissionEvaluator;
@@ -73,7 +74,7 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
* be overridden using a null check in the expression itself).
*/
@Override
public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
public boolean hasPermission(Authentication authentication, @Nullable Object domainObject, Object permission) {
if (domainObject == null) {
return false;
}
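Review bot: Nothing in this commit pins the null branch that the new `@Nullable Object domainObject` annotation now advertises. All three changed files appear to be main sources, so the deny-on-null result of `if (domainObject == null) { return false; }` is guarded only by the code itself. Because this is an authorization decision, a small test such as `assertThat(evaluator.hasPermission(authentication, null, "READ")).isFalse();` would keep a later refactor from turning the null case into a grant or an exception. The method body continues outside the hunk.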
@@ -18,6 +18,8 @@ package org.springframework.security.access;
import java.io.Serializable;
import org.jspecify.annotations.Nullable;
import org.springframework.aop.framework.AopInfrastructureBean;
import org.springframework.security.core.Authentication;
@@ -39,7 +41,7 @@ public interface PermissionEvaluator extends AopInfrastructureBean {
* expression system. Not null.
* @return true if the permission is granted, false otherwise
*/
boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission);
boolean hasPermission(Authentication authentication, @Nullable Object targetDomainObject, Object permission);
/**
* Alternative method for evaluating a permission where only the identifier of the
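Review bot: The `@Nullable` on `targetDomainObject` tells implementers that null can arrive but not what to answer; the `@param targetDomainObject` text lies above the hunk, so it is not visible here whether it requires denial. If it does not already, state it there, e.g. `May be null, in which case implementations must return false.` Both implementations touched by this commit deny on null, and a custom evaluator that returns true or throws for null would diverge from them. Implementations compiled with a JSpecify-aware checker may also be flagged until their own parameter is annotated, which is worth a line in the release notes.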
@@ -20,6 +20,7 @@ import java.io.Serializable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jspecify.annotations.Nullable;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.PermissionEvaluator;
@@ -40,7 +41,7 @@ public class DenyAllPermissionEvaluator implements PermissionEvaluator {
* @return false always
*/
@Override
public boolean hasPermission(Authentication authentication, Object target, Object permission) {
public boolean hasPermission(Authentication authentication, @Nullable Object target, Object permission) {
this.logger.warn(LogMessage.format("Denying user %s permission '%s' on object %s", authentication.getName(),
permission, target));
return false;