From 81fe9fc640a5bc1783d150037a6445f356a7567e Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Mon, 27 Jul 2020 10:01:32 -0700
Subject: [PATCH] Make all exception classes immutable

Update all exception classes so that they are fully immutable and cannot
be changed once they have been thrown.

Issue gh-8945
---
 etc/checkstyle/checkstyle-suppressions.xml    | 12 ++++------
 .../core/OAuth2AuthenticationException.java   | 13 ++++-------
 .../core/OAuth2AuthorizationException.java    |  2 +-
 .../Saml2AuthenticationException.java         | 23 ++++++-------------
 .../web/util/ThrowableAnalyzerTests.java      |  6 ++---
 5 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/etc/checkstyle/checkstyle-suppressions.xml b/etc/checkstyle/checkstyle-suppressions.xml
index 39c2f65c38..cd34ac85a4 100644
--- a/etc/checkstyle/checkstyle-suppressions.xml
+++ b/etc/checkstyle/checkstyle-suppressions.xml
@@ -3,13 +3,6 @@
 		"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
-	<suppress files=".*" checks="JavadocMethod" />
-	<suppress files=".*" checks="JavadocStyle" />
-	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
-	<suppress files=".*" checks="JavadocType" />
-	<suppress files=".*" checks="JavadocVariable" />
-	<suppress files=".*" checks="MultipleVariableDeclarations" />
-	<suppress files=".*" checks="MutableException" />
 	<suppress files=".*" checks="NeedBraces" />
 	<suppress files=".*" checks="NestedIfDepth" />
 	<suppress files=".*" checks="NewlineAtEndOfFile" />
@@ -32,6 +25,11 @@
 	<suppress files=".*" checks="SpringTernary" />
 	<suppress files=".*" checks="WhitespaceAfter" />
 	<suppress files=".*" checks="WhitespaceAround" />
+	<suppress files=".*" checks="JavadocMethod" />
+	<suppress files=".*" checks="JavadocStyle" />
+	<suppress files=".*" checks="JavadocTagContinuationIndentation" />
+	<suppress files=".*" checks="JavadocType" />
+	<suppress files=".*" checks="JavadocVariable" />
 
 	<!-- Ignore third-party code -->
 	<suppress files="BCrypt\.java|BCryptTests\.java" checks=".*"/>
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
index 7feff6c666..11fcc5d7aa 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
@@ -40,7 +40,7 @@ import org.springframework.util.Assert;
  */
 public class OAuth2AuthenticationException extends AuthenticationException {
 
-	private OAuth2Error error;
+	private final OAuth2Error error;
 
 	/**
 	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
@@ -65,8 +65,7 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 	 * @param message the detail message
 	 */
 	public OAuth2AuthenticationException(OAuth2Error error, String message) {
-		super(message);
-		this.setError(error);
+		this(error, message, null);
 	}
 
 	/**
@@ -77,7 +76,8 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 	 */
 	public OAuth2AuthenticationException(OAuth2Error error, String message, Throwable cause) {
 		super(message, cause);
-		this.setError(error);
+		Assert.notNull(error, "error cannot be null");
+		this.error = error;
 	}
 
 	/**
@@ -88,9 +88,4 @@ public class OAuth2AuthenticationException extends AuthenticationException {
 		return this.error;
 	}
 
-	private void setError(OAuth2Error error) {
-		Assert.notNull(error, "error cannot be null");
-		this.error = error;
-	}
-
 }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
index 5902a048a4..aba323e7b2 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
@@ -25,7 +25,7 @@ import org.springframework.util.Assert;
  */
 public class OAuth2AuthorizationException extends RuntimeException {
 
-	private OAuth2Error error;
+	private final OAuth2Error error;
 
 	/**
 	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
index a2d5b7deea..64807dbfba 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java
@@ -40,7 +40,7 @@ import org.springframework.util.Assert;
  */
 public class Saml2AuthenticationException extends AuthenticationException {
 
-	private Saml2Error error;
+	private final Saml2Error error;
 
 	/**
 	 * Constructs a {@code Saml2AuthenticationException} using the provided parameters.
@@ -65,8 +65,7 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	 * @param message the detail message
 	 */
 	public Saml2AuthenticationException(Saml2Error error, String message) {
-		super(message);
-		this.setError(error);
+		this(error, message, null);
 	}
 
 	/**
@@ -77,7 +76,8 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	 */
 	public Saml2AuthenticationException(Saml2Error error, String message, Throwable cause) {
 		super(message, cause);
-		this.setError(error);
+		Assert.notNull(error, "error cannot be null");
+		this.error = error;
 	}
 
 	/**
@@ -120,8 +120,7 @@ public class Saml2AuthenticationException extends AuthenticationException {
 	@Deprecated
 	public Saml2AuthenticationException(
 			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message) {
-		super(message);
-		this.setError(error);
+		this(error, message, null);
 	}
 
 	/**
@@ -140,7 +139,8 @@ public class Saml2AuthenticationException extends AuthenticationException {
 			org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message,
 			Throwable cause) {
 		super(message, cause);
-		this.setError(error);
+		Assert.notNull(error, "error cannot be null");
+		this.error = new Saml2Error(error.getErrorCode(), error.getDescription());
 	}
 
 	/**
@@ -162,15 +162,6 @@ public class Saml2AuthenticationException extends AuthenticationException {
 				this.error.getErrorCode(), this.error.getDescription());
 	}
 
-	private void setError(Saml2Error error) {
-		Assert.notNull(error, "error cannot be null");
-		this.error = error;
-	}
-
-	private void setError(org.springframework.security.saml2.provider.service.authentication.Saml2Error error) {
-		setError(new Saml2Error(error.getErrorCode(), error.getDescription()));
-	}
-
 	@Override
 	public String toString() {
 		final StringBuffer sb = new StringBuffer("Saml2AuthenticationException{");
diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
index 1c6fa7efb6..82895a0cd0 100644
--- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java
@@ -250,12 +250,12 @@ public class ThrowableAnalyzerTests {
 	}
 
 	/**
-	 * Exception for testing purposes. The cause is not retrievable by {@link #getCause()}
-	 * .
+	 * Exception for testing purposes. The cause is not retrievable by
+	 * {@link #getCause()}.
 	 */
 	public static final class NonStandardException extends Exception {
 
-		private Throwable cause;
+		private final Throwable cause;
 
 		public NonStandardException(String message, Throwable cause) {
 			super(message);