diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptor.java
index a1afdd92a8..c60615a2d3 100644
--- a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptor.java
@@ -147,7 +147,7 @@ public final class PreFilterAuthorizationMethodInterceptor implements Authorizat
 + "' found in method.");
 }
 else {
- Object[] arguments = methodInvocation.getArguments();
+ @Nullable Object[] arguments = methodInvocation.getArguments();
 Assert.state(arguments.length == 1,
 "Unable to determine the method argument for filtering. Specify the filter target.");
 filterTarget = arguments[0];
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java
index c40137d69b..52ddc7a35a 100644
--- a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java
@@ -136,9 +136,9 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor implements Au
 Object target = mi.getThis();
 Class targetClass = (target != null) ? AopUtils.getTargetClass(target) : null;
 Method specificMethod = AopUtils.getMostSpecificMethod(mi.getMethod(), targetClass);
- String[] parameterNames = this.parameterNameDiscoverer.getParameterNames(specificMethod);
+ @Nullable String @Nullable [] parameterNames = this.parameterNameDiscoverer.getParameterNames(specificMethod);
 if (parameterNames != null && parameterNames.length > 0) {
- Object[] arguments = mi.getArguments();
+ @Nullable Object[] arguments = mi.getArguments();
 for (index = 0; index < parameterNames.length; index++) {
 if (name.equals(parameterNames[index])) {
 value = arguments[index];
@@ -150,7 +150,7 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor implements Au
 }
 }
 else {
- Object[] arguments = mi.getArguments();
+ @Nullable Object[] arguments = mi.getArguments();
 Assert.state(arguments.length == 1,
 "Unable to determine the method argument for filtering. Specify the filter target.");
 value = arguments[0];
diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
index 2c38fd74c2..a0d60b6d01 100644
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@@ -20,6 +20,8 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Collection;
 import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
 import javax.sql.DataSource;
@@ -356,13 +358,23 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl
 @Override
 public List findAllGroups() {
- return requireJdbcTemplate().queryForList(this.findAllGroupsSql, String.class);
+ // @formatter:off
+ return requireJdbcTemplate().queryForList(this.findAllGroupsSql, String.class)
+ .stream()
+ .filter(Objects::nonNull)
+ .collect(Collectors.toList());
+ // @formatter:on
 }
 @Override
 public List findUsersInGroup(String groupName) {
 Assert.hasText(groupName, "groupName should have text");
- return requireJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName);
+ // @formatter:off
+ return requireJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName)
+ .stream()
+ .filter(Objects::nonNull)
+ .collect(Collectors.toList());
+ // @formatter:on
 }
 @Override
diff --git a/data/src/main/java/org/springframework/security/data/aot/hint/AuthorizeReturnObjectDataHintsRegistrar.java b/data/src/main/java/org/springframework/security/data/aot/hint/AuthorizeReturnObjectDataHintsRegistrar.java
index 51addb2846..950afbc2af 100644
--- a/data/src/main/java/org/springframework/security/data/aot/hint/AuthorizeReturnObjectDataHintsRegistrar.java
+++ b/data/src/main/java/org/springframework/security/data/aot/hint/AuthorizeReturnObjectDataHintsRegistrar.java
@@ -22,6 +24,8 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import org.jspecify.annotations.Nullable;
+
 import org.springframework.aot.hint.RuntimeHints;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.core.ResolvableType;
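Review bot: In `JdbcUserDetailsManager`, the new `.filter(Objects::nonNull)` in `findAllGroups` and `findUsersInGroup` drops NULL rows without leaving any trace. A group or membership table holding a NULL name now yields a shorter list instead of a visible anomaly, which matters if callers rely on these lists to review who belongs to which group. I would document the behaviour at both call sites, e.g. `// NULL names are skipped: elements are declared non-null, and a NULL row means inconsistent group data`, and consider a debug log when a row is discarded. The same four-line pipeline appears in both methods and could live in one private helper.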
@@ -33,6 +35,7 @@ import org.springframework.security.authorization.AuthorizationProxyFactory;
 import org.springframework.security.authorization.method.AuthorizeReturnObject;
 import org.springframework.security.core.annotation.SecurityAnnotationScanner;
 import org.springframework.security.core.annotation.SecurityAnnotationScanners;
+import org.springframework.util.Assert;
 /**
 * A {@link SecurityHintsRegistrar} that scans all beans for implementations of
@@ -82,14 +85,15 @@ public final class AuthorizeReturnObjectDataHintsRegistrar implements SecurityHi
 if (!RepositoryFactoryBeanSupport.class.isAssignableFrom(type.toClass())) {
 continue;
 }
- Class[] generics = type.resolveGenerics();
- Class entity = generics[1];
+ @Nullable Class[] generics = type.resolveGenerics();
+ @Nullable Class entity = generics[1];
 AuthorizeReturnObject authorize = beanFactory.findAnnotationOnBean(name, AuthorizeReturnObject.class);
 if (authorize != null) {
 toProxy.add(entity);
 continue;
 }
- Class repository = generics[0];
+ @Nullable Class repository = generics[0];
+ Assert.state(repository != null, "Repository resolved from " + type + " cannot be null");
 for (Method method : repository.getDeclaredMethods()) {
 AuthorizeReturnObject returnObject = this.scanner.scan(method, repository);
 if (returnObject == null) {
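Review bot: In the last hunk, `entity` is now declared `@Nullable` but still reaches `toProxy.add(entity)` unchecked, while `repository` a few lines later gets an `Assert.state`. The two `generics[...]` reads should be treated the same way. Depending on code outside this hunk, a null element in `toProxy` would either fail later, far from its cause, or leave an `@AuthorizeReturnObject` type without its proxy hint. I would add `Assert.state(entity != null, "Entity resolved from " + type + " cannot be null");` right after `entity` is read, or `continue` if unresolved generics are an expected case. The enclosing loop starts and ends outside the hunk.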