Skip to content

Null safety via JSpecify #16882

New issue
New issue
Open
2 of 5 issues completed
Open
Null safety via JSpecify#16882
2 of 5 issues completed
Assignees
rwinch
Labels
type: enhancementA general enhancementtype: themeAn issue that describes a theme for a release
Milestone
7.0.x
@rwinch

Description

@rwinch
rwinch
opened on Apr 4, 2025

Spring Security should adopt JSpecify for Null safety as is done in Spring Framework

Related spring-projects/spring-framework#28797

Notes on Changes

Prior to this work, passwords were sometimes treated as never null, but the reality is that they could be null (when clearCredentials was invoked). This inconsistency was also present in APIs (e.g. PasswordEncoder) that produced and consumed passwords. The semantic meaning of a null password is now clearly defined as no password for the user.

NOTE: This is done in the parent issue vs each module because things like nullability of passwords impacts more than just the core project where the API is defined.

Sub-issues

Metadata

Metadata

Assignees

Labels

type: enhancementA general enhancementtype: themeAn issue that describes a theme for a release

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions