From 7627e09f62846507363ec7272f0d57b6946dc416 Mon Sep 17 00:00:00 2001 From: Andrey Litvitski Date: Fri, 5 Dec 2025 21:17:49 +0300 Subject: [PATCH] Add `@Nullable` to changePassword parameters in UserDetailsManager Closes: gh-18257 Signed-off-by: Andrey Litvitski --- .../security/provisioning/InMemoryUserDetailsManager.java | 3 ++- .../security/provisioning/JdbcUserDetailsManager.java | 6 ++++-- .../security/provisioning/UserDetailsManager.java | 4 +++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java index 6380bdd7064..55e65ea1456 100644 --- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java @@ -51,6 +51,7 @@ * system isn't required. * * @author Luke Taylor + * @author Andrey Litvitski * @since 3.1 */ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetailsPasswordService { @@ -130,7 +131,7 @@ public boolean userExists(String username) { } @Override - public void changePassword(String oldPassword, String newPassword) { + public void changePassword(@Nullable String oldPassword, @Nullable String newPassword) { Authentication currentUser = this.securityContextHolderStrategy.getContext().getAuthentication(); if (currentUser == null) { // This would indicate bad coding somewhere diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java index 2c38fd74c2b..6b1c7b37042 100644 --- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java @@ -67,6 +67,7 @@ * * @author Luke Taylor * @author Junhyeok Lee + * @author Andrey Litvitski * @since 2.0 */ public class JdbcUserDetailsManager extends JdbcDaoImpl @@ -308,7 +309,8 @@ private void deleteUserAuthorities(String username) { } @Override - public void changePassword(String oldPassword, String newPassword) throws AuthenticationException { + public void changePassword(@Nullable String oldPassword, @Nullable String newPassword) + throws AuthenticationException { Authentication currentUser = this.securityContextHolderStrategy.getContext().getAuthentication(); if (currentUser == null) { // This would indicate bad coding somewhere @@ -335,7 +337,7 @@ public void changePassword(String oldPassword, String newPassword) throws Authen this.userCache.removeUserFromCache(username); } - protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword) { + protected Authentication createNewAuthentication(Authentication currentAuth, @Nullable String newPassword) { UserDetails user = loadUserByUsername(currentAuth.getName()); UsernamePasswordAuthenticationToken newAuthentication = UsernamePasswordAuthenticationToken.authenticated(user, null, user.getAuthorities()); diff --git a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java index c9f5e9a1df4..33e444e69c5 100644 --- a/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/UserDetailsManager.java @@ -16,6 +16,8 @@ package org.springframework.security.provisioning; +import org.jspecify.annotations.Nullable; + import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; @@ -49,7 +51,7 @@ public interface UserDetailsManager extends UserDetailsService { * @param oldPassword current password (for re-authentication if required) * @param newPassword the password to change to */ - void changePassword(String oldPassword, String newPassword); + void changePassword(@Nullable String oldPassword, @Nullable String newPassword); /** * Check if a user with the supplied login name exists in the system.