chore: explicitly declare nullability using JSpecify

pom.xml

@@ -100,6 +100,12 @@
         <!-- endregion -->
 
         <!-- region General -->
+        <dependency>
+            <groupId>org.jspecify</groupId>
+            <artifactId>jspecify</artifactId>
+            <version>1.0.0</version>
+        </dependency>
+
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>

src/main/java/com/gw2auth/oauth2/server/adapt/CookieBearerTokenResolver.java

@@ -2,6 +2,7 @@
 
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
+import org.jspecify.annotations.Nullable;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 
 public class CookieBearerTokenResolver implements BearerTokenResolver {
@@ -13,7 +14,7 @@ public CookieBearerTokenResolver(String cookieName) {
     }
 
     @Override
-    public String resolve(HttpServletRequest request) {
+    public @Nullable String resolve(HttpServletRequest request) {
         final Cookie[] cookies = request.getCookies();
         String value = null;
 

src/main/java/com/gw2auth/oauth2/server/adapt/CustomOAuth2ServerAuthenticationProviders.java

@@ -1,5 +1,6 @@
 package com.gw2auth.oauth2.server.adapt;
 
+import org.jspecify.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.BeanFactoryUtils;
@@ -29,7 +30,7 @@
 public class CustomOAuth2ServerAuthenticationProviders {
 
     private static final Logger LOG = LoggerFactory.getLogger(CustomOAuth2ServerAuthenticationProviders.class);
-    private static final ThreadLocal<Context> CONTEXT = new ThreadLocal<>();
+    private static final ThreadLocal<@Nullable Context> CONTEXT = new ThreadLocal<>();
 
     private static Optional<Context> getContext() {
         return Optional.ofNullable(CONTEXT.get());
@@ -151,7 +152,7 @@ private static OAuth2AuthorizationCodeRequestAuthenticationToken codeRequestToke
         );
     }
 
-    private static String resolveRedirectUri(OAuth2AuthorizationRequest authorizationRequest, RegisteredClient registeredClient) {
+    private static @Nullable String resolveRedirectUri(@Nullable OAuth2AuthorizationRequest authorizationRequest, @Nullable RegisteredClient registeredClient) {
         if (authorizationRequest != null && StringUtils.hasText(authorizationRequest.getRedirectUri())) {
             return authorizationRequest.getRedirectUri();
         }
@@ -178,7 +179,7 @@ public static AuthenticationProvider createConsentAuthenticationProvider(HttpSec
     }
 
     private static <B extends HttpSecurityBuilder<B>> RegisteredClientRepository getRegisteredClientRepository(B builder) {
-        RegisteredClientRepository registeredClientRepository = builder.getSharedObject(RegisteredClientRepository.class);
+        RegisteredClientRepository registeredClientRepository = builder.<@Nullable RegisteredClientRepository>getSharedObject(RegisteredClientRepository.class);
         if (registeredClientRepository == null) {
             registeredClientRepository = getBean(builder, RegisteredClientRepository.class);
             builder.setSharedObject(RegisteredClientRepository.class, registeredClientRepository);
@@ -187,7 +188,7 @@ private static <B extends HttpSecurityBuilder<B>> RegisteredClientRepository get
     }
 
     private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizationService getAuthorizationService(B builder) {
-        OAuth2AuthorizationService authorizationService = builder.getSharedObject(OAuth2AuthorizationService.class);
+        OAuth2AuthorizationService authorizationService = builder.<@Nullable OAuth2AuthorizationService>getSharedObject(OAuth2AuthorizationService.class);
         if (authorizationService == null) {
             authorizationService = getOptionalBean(builder, OAuth2AuthorizationService.class);
             if (authorizationService == null) {
@@ -199,7 +200,7 @@ private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizationService get
     }
 
     private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizationConsentService getAuthorizationConsentService(B builder) {
-        OAuth2AuthorizationConsentService authorizationConsentService = builder.getSharedObject(OAuth2AuthorizationConsentService.class);
+        OAuth2AuthorizationConsentService authorizationConsentService = builder.<@Nullable OAuth2AuthorizationConsentService>getSharedObject(OAuth2AuthorizationConsentService.class);
         if (authorizationConsentService == null) {
             authorizationConsentService = getOptionalBean(builder, OAuth2AuthorizationConsentService.class);
             if (authorizationConsentService == null) {
@@ -214,7 +215,7 @@ private static <B extends HttpSecurityBuilder<B>, T> T getBean(B builder, Class<
         return builder.getSharedObject(ApplicationContext.class).getBean(type);
     }
 
-    private static <B extends HttpSecurityBuilder<B>, T> T getOptionalBean(B builder, Class<T> type) {
+    private static <B extends HttpSecurityBuilder<B>, T> @Nullable T getOptionalBean(B builder, Class<T> type) {
         Map<String, T> beansMap = BeanFactoryUtils.beansOfTypeIncludingAncestors(
                 builder.getSharedObject(ApplicationContext.class), type);
         if (beansMap.size() > 1) {

src/main/java/com/gw2auth/oauth2/server/adapt/Gw2AuthSecurityContextRepository.java

@@ -5,6 +5,7 @@
 import com.gw2auth.oauth2.server.util.Constants;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.jspecify.annotations.Nullable;
 import org.springframework.security.core.context.DeferredSecurityContext;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -45,7 +46,7 @@ public boolean containsContext(HttpServletRequest request) {
         return loadContext(request).get() != null;
     }
 
-    private Supplier<SecurityContext> loadContext(HttpServletRequest request) {
+    private Supplier<@Nullable SecurityContext> loadContext(HttpServletRequest request) {
         return new SecurityContextSupplier(request);
     }
 
@@ -58,7 +59,7 @@ private SecurityContextSupplier(HttpServletRequest request) {
         }
 
         @Override
-        public SecurityContext get() {
+        public @Nullable SecurityContext get() {
             SecurityContext securityContext = null;
 
             final String jwtString = Gw2AuthSecurityContextRepository.this.bearerTokenResolver.resolve(this.request);

src/main/java/com/gw2auth/oauth2/server/adapt/S3AuthorizationRequestRepository.java

@@ -4,6 +4,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.jspecify.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@@ -45,7 +46,7 @@ public S3AuthorizationRequestRepository(S3Client s3, String bucket, String prefi
     }
 
     @Override
-    public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
+    public @Nullable OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
         final String state = getState(request);
         if (state == null) {
             return null;
@@ -67,7 +68,7 @@ public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationReq
     }
 
     @Override
-    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
+    public @Nullable OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
         final String state = getState(request);
         if (state == null) {
             return null;
@@ -79,7 +80,7 @@ public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest
         return oldRequest;
     }
 
-    private String getState(HttpServletRequest request) {
+    private @Nullable String getState(HttpServletRequest request) {
         return request.getParameter(OAuth2ParameterNames.STATE);
     }
 

src/main/java/com/gw2auth/oauth2/server/adapt/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server.adapt;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ClientConfiguration.java

@@ -2,6 +2,7 @@
 
 import com.gw2auth.oauth2.server.service.security.AuthenticationHelper;
 import jakarta.servlet.http.HttpServletRequest;
+import org.jspecify.annotations.Nullable;
 import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper;
@@ -32,7 +33,7 @@ public ClientRegistrationRepository clientRegistrationRepository(OAuth2ClientPro
     private record CustomClientRegistrationRepository(ClientRegistrationRepository base) implements ClientRegistrationRepository {
 
         @Override
-        public ClientRegistration findByRegistrationId(String registrationId) {
+        public @Nullable ClientRegistration findByRegistrationId(String registrationId) {
             final HttpServletRequest request = AuthenticationHelper.getCurrentRequest().orElseThrow();
             final UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).build();
 

src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ServerConfiguration.java

@@ -10,6 +10,7 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.jspecify.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
@@ -182,7 +183,7 @@ private static class OAuth2TokenResponseHandler implements AuthenticationConvert
         private static final AuthenticationSuccessHandler SUCCESS_DELEGATE = new OAuth2AccessTokenResponseAuthenticationSuccessHandler();
         private static final AuthenticationFailureHandler FAILURE_DELEGATE = new OAuth2ErrorAuthenticationFailureHandler();
 
-        private AuthenticationConverter authenticationConverterDelegate;
+        private @Nullable AuthenticationConverter authenticationConverterDelegate;
 
         private OAuth2TokenResponseHandler() {
             this.authenticationConverterDelegate = null;
@@ -193,7 +194,7 @@ private void setAuthenticationConverters(List<AuthenticationConverter> authentic
         }
 
         @Override
-        public Authentication convert(HttpServletRequest request) {
+        public @Nullable Authentication convert(HttpServletRequest request) {
             final Authentication authentication = this.authenticationConverterDelegate.convert(request);
             if (authentication != null) {
                 final Object principal = authentication.getPrincipal();

src/main/java/com/gw2auth/oauth2/server/configuration/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server.configuration;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/configuration/properties/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server.configuration.properties;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/repository/account/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server.repository.account;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/repository/application/account/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server.repository.application.account;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/repository/application/client/ApplicationClientEntity.java

@@ -1,5 +1,6 @@
 package com.gw2auth.oauth2.server.repository.application.client;
 
+import org.jspecify.annotations.Nullable;
 import org.springframework.data.relational.core.mapping.Column;
 import org.springframework.data.relational.core.mapping.Table;
 
@@ -12,7 +13,7 @@ public record ApplicationClientEntity(@Column("id") UUID id,
                                       @Column("application_id") UUID applicationId,
                                       @Column("creation_time") Instant creationTime,
                                       @Column("display_name") String displayName,
-                                      @Column("client_secret") String clientSecret,
+                                      @Column("client_secret") @Nullable String clientSecret,
                                       @Column("authorization_grant_types") Set<String> authorizationGrantTypes,
                                       @Column("redirect_uris") Set<String> redirectUris,
                                       @Column("requires_approval") boolean requiresApproval,

src/main/java/com/gw2auth/oauth2/server/repository/application/client/ApplicationClientRepository.java

@@ -1,6 +1,7 @@
 package com.gw2auth.oauth2.server.repository.application.client;
 
 import com.gw2auth.oauth2.server.repository.BaseRepository;
+import org.jspecify.annotations.Nullable;
 import org.springframework.data.jdbc.repository.query.Query;
 import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
@@ -46,7 +47,7 @@ ApplicationClientEntity save(@Param("id") UUID id,
                                  @Param("application_id") UUID applicationId,
                                  @Param("creation_time") Instant creationTime,
                                  @Param("display_name") String displayName,
-                                 @Param("client_secret") String clientSecret,
+                                 @Param("client_secret") @Nullable String clientSecret,
                                  @Param("authorization_grant_types") Collection<String> authorizationGrantTypes,
                                  @Param("redirect_uris") Collection<String> redirectUris,
                                  @Param("requires_approval") boolean requiresApproval,

src/main/java/com/gw2auth/oauth2/server/repository/application/client/account/package-info.java

@@ -0,0 +1,4 @@
+@NullMarked
+package com.gw2auth.oauth2.server.repository.application.client.account;
+
+import org.jspecify.annotations.NullMarked;

src/main/java/com/gw2auth/oauth2/server/repository/application/client/authorization/ApplicationClientAuthorizationEntity.java

@@ -1,5 +1,6 @@
 package com.gw2auth.oauth2.server.repository.application.client.authorization;
 
+import org.jspecify.annotations.Nullable;
 import org.springframework.data.relational.core.mapping.Column;
 import org.springframework.data.relational.core.mapping.Table;
 
@@ -17,20 +18,20 @@ public record ApplicationClientAuthorizationEntity(@Column("id") String id,
                                                    @Column("authorization_grant_type") String authorizationGrantType,
                                                    @Column("authorized_scopes") Set<String> authorizedScopes,
                                                    @Column("attributes") String attributes,
-                                                   @Column("state") String state,
-                                                   @Column("authorization_code_value") String authorizationCodeValue,
-                                                   @Column("authorization_code_issued_at") Instant authorizationCodeIssuedAt,
-                                                   @Column("authorization_code_expires_at") Instant authorizationCodeExpiresAt,
-                                                   @Column("authorization_code_metadata") String authorizationCodeMetadata,
-                                                   @Column("access_token_value") String accessTokenValue,
-                                                   @Column("access_token_issued_at") Instant accessTokenIssuedAt,
-                                                   @Column("access_token_expires_at") Instant accessTokenExpiresAt,
-                                                   @Column("access_token_metadata") String accessTokenMetadata,
-                                                   @Column("access_token_type") String accessTokenType,
+                                                   @Column("state") @Nullable String state,
+                                                   @Column("authorization_code_value") @Nullable String authorizationCodeValue,
+                                                   @Column("authorization_code_issued_at") @Nullable Instant authorizationCodeIssuedAt,
+                                                   @Column("authorization_code_expires_at") @Nullable Instant authorizationCodeExpiresAt,
+                                                   @Column("authorization_code_metadata") @Nullable String authorizationCodeMetadata,
+                                                   @Column("access_token_value") @Nullable String accessTokenValue,
+                                                   @Column("access_token_issued_at") @Nullable Instant accessTokenIssuedAt,
+                                                   @Column("access_token_expires_at") @Nullable Instant accessTokenExpiresAt,
+                                                   @Column("access_token_metadata") @Nullable String accessTokenMetadata,
+                                                   @Column("access_token_type") @Nullable String accessTokenType,
                                                    @Column("access_token_scopes") Set<String> accessTokenScopes,
-                                                   @Column("refresh_token_value") String refreshTokenValue,
-                                                   @Column("refresh_token_issued_at") Instant refreshTokenIssuedAt,
-                                                   @Column("refresh_token_expires_at") Instant refreshTokenExpiresAt,
-                                                   @Column("refresh_token_metadata") String refreshTokenMetadata) {
+                                                   @Column("refresh_token_value") @Nullable String refreshTokenValue,
+                                                   @Column("refresh_token_issued_at") @Nullable Instant refreshTokenIssuedAt,
+                                                   @Column("refresh_token_expires_at") @Nullable Instant refreshTokenExpiresAt,
+                                                   @Column("refresh_token_metadata") @Nullable String refreshTokenMetadata) {
 
 }