Null safety via JSpecify spring-security-kerberos-web
Closes gh-18550
@@ -1,4 +1,5 @@
|
||||
plugins {
|
||||
id 'security-nullability'
|
||||
id 'io.spring.convention.spring-module'
|
||||
id 'javadoc-warnings-error'
|
||||
}
|
||||
|
||||
+7
-3
@@ -23,6 +23,7 @@ import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
@@ -124,11 +125,11 @@ public class SpnegoAuthenticationProcessingFilter extends OncePerRequestFilter {
|
||||
|
||||
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
private AuthenticationManager authenticationManager;
|
||||
private @Nullable AuthenticationManager authenticationManager;
|
||||
|
||||
private AuthenticationSuccessHandler successHandler;
|
||||
private @Nullable AuthenticationSuccessHandler successHandler;
|
||||
|
||||
private AuthenticationFailureHandler failureHandler;
|
||||
private @Nullable AuthenticationFailureHandler failureHandler;
|
||||
|
||||
private SessionAuthenticationStrategy sessionStrategy = new NullAuthenticatedSessionStrategy();
|
||||
|
||||
@@ -172,6 +173,9 @@ public class SpnegoAuthenticationProcessingFilter extends OncePerRequestFilter {
|
||||
authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
|
||||
Authentication authentication;
|
||||
try {
|
||||
if (this.authenticationManager == null) {
|
||||
throw new IllegalStateException("authenticationManager must be set");
|
||||
}
|
||||
authentication = this.authenticationManager.authenticate(authenticationRequest);
|
||||
}
|
||||
catch (AuthenticationException ex) {
|
||||
|
||||
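Review bot: The new `authenticationManager` null check sits inside the `try` whose only visible handler is `catch (AuthenticationException ex)`, and the non-final field is read a second time for the `authenticate` call. Throwing `IllegalStateException` makes an unconfigured filter fail closed, which is the right outcome, but this is a configuration guard and not part of the authentication attempt. It reads more clearly before the `try` on a local copy, as this commit already does for `forwardMethod` in `SpnegoEntryPoint`: `AuthenticationManager manager = this.authenticationManager;`, then `if (manager == null) { throw new IllegalStateException("authenticationManager must be set"); }`, then `authentication = manager.authenticate(authenticationRequest);`. If the class has no startup-time check for this property (none is visible in these hunks), adding one would surface the misconfiguration before the first request rather than on each one. The enclosing method starts and ends outside the hunk.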
+8
-6
@@ -25,6 +25,7 @@ import jakarta.servlet.http.HttpServletRequestWrapper;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
@@ -64,9 +65,9 @@ public class SpnegoEntryPoint implements AuthenticationEntryPoint {
|
||||
|
||||
private static final Log LOG = LogFactory.getLog(SpnegoEntryPoint.class);
|
||||
|
||||
private final String forwardUrl;
|
||||
private final @Nullable String forwardUrl;
|
||||
|
||||
private final HttpMethod forwardMethod;
|
||||
private final @Nullable HttpMethod forwardMethod;
|
||||
|
||||
private final boolean forward;
|
||||
|
||||
@@ -87,7 +88,7 @@ public class SpnegoEntryPoint implements AuthenticationEntryPoint {
|
||||
* @param forwardUrl URL where the login page can be found. Should be relative to the
|
||||
* web-app context path (include a leading {@code /}) and can't be absolute URL.
|
||||
*/
|
||||
public SpnegoEntryPoint(String forwardUrl) {
|
||||
public SpnegoEntryPoint(@Nullable String forwardUrl) {
|
||||
this(forwardUrl, null);
|
||||
}
|
||||
|
||||
@@ -99,7 +100,7 @@ public class SpnegoEntryPoint implements AuthenticationEntryPoint {
|
||||
* web-app context path (include a leading {@code /}) and can't be absolute URL.
|
||||
* @param forwardMethod HTTP method to use when accessing the forward URL
|
||||
*/
|
||||
public SpnegoEntryPoint(String forwardUrl, HttpMethod forwardMethod) {
|
||||
public SpnegoEntryPoint(@Nullable String forwardUrl, @Nullable HttpMethod forwardMethod) {
|
||||
if (StringUtils.hasText(forwardUrl)) {
|
||||
Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl), "Forward url specified must be a valid forward URL");
|
||||
Assert.isTrue(!UrlUtils.isAbsoluteUrl(forwardUrl), "Forward url specified must not be absolute");
|
||||
@@ -126,10 +127,11 @@ public class SpnegoEntryPoint implements AuthenticationEntryPoint {
|
||||
|
||||
if (this.forward) {
|
||||
RequestDispatcher dispatcher = request.getRequestDispatcher(this.forwardUrl);
|
||||
HttpServletRequest fwdRequest = (this.forwardMethod != null) ? new HttpServletRequestWrapper(request) {
|
||||
HttpMethod method = this.forwardMethod;
|
||||
HttpServletRequest fwdRequest = (method != null) ? new HttpServletRequestWrapper(request) {
|
||||
@Override
|
||||
public String getMethod() {
|
||||
return SpnegoEntryPoint.this.forwardMethod.name();
|
||||
return method.name();
|
||||
}
|
||||
} : request;
|
||||
dispatcher.forward(fwdRequest, response);
|
||||
|
||||
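Review bot: `request.getRequestDispatcher(this.forwardUrl)` still passes the field this commit marks `@Nullable`, guarded only by `this.forward`. The link between the two is established in constructor code outside the hunk, so neither a reader nor a nullness checker can see it here. Copy the field to a local and state the invariant, as the hunk already does for `forwardMethod`: `String url = this.forwardUrl;` and `Assert.state(url != null, "forwardUrl must be set when forward is enabled");` before the dispatcher lookup. The constructor Javadoc for `forwardUrl` should also say what a null or empty value means now that the parameter is `@Nullable`; presumably no forward is performed, but confirm that against the constructor body. The enclosing method starts and ends outside the hunk.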
+20
@@ -0,0 +1,20 @@
|
||||
/*
|
||||
* Copyright 2004-present the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
@NullMarked
|
||||
package org.springframework.security.kerberos.web.authentication;
|
||||
|
||||
import org.jspecify.annotations.NullMarked;
|
||||