Cleanup

cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java

@@ -33,6 +33,7 @@
  * and using the current URL minus the artifact and the corresponding value.
  *
  * @author Rob Winch
+ * @author Ngoc Nhan
  */
 final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 		implements ServiceAuthenticationDetails {
@@ -70,14 +71,13 @@ public String getServiceUrl() {
 
 	@Override
 	public boolean equals(Object obj) {
-		if (this == obj) {
+		if (super.equals(obj)) {
 			return true;
 		}
-		if (!super.equals(obj) || !(obj instanceof DefaultServiceAuthenticationDetails)) {
-			return false;
+		if (obj instanceof DefaultServiceAuthenticationDetails that) {
+			return this.serviceUrl.equals(that.getServiceUrl());
 		}
-		ServiceAuthenticationDetails that = (ServiceAuthenticationDetails) obj;
-		return this.serviceUrl.equals(that.getServiceUrl());
+		return false;
 	}
 
 	@Override
@@ -100,17 +100,18 @@ public String toString() {
 	/**
 	 * If present, removes the artifactParameterName and the corresponding value from the
 	 * query String.
-	 * @param request
+	 * @param request the current {@link HttpServletRequest} to obtain the
+	 * {@link #getServiceUrl()} from.
+	 * @param artifactPattern the {@link Pattern} that will be used to clean up the query
+	 * string from containing the artifact name and value. This can be created using
+	 * {@link #createArtifactPattern(String)}.
 	 * @return the query String minus the artifactParameterName and the corresponding
 	 * value.
 	 */
 	private String getQueryString(final HttpServletRequest request, final Pattern artifactPattern) {
 		final String query = request.getQueryString();
-		if (query == null) {
-			return null;
-		}
-		String result = artifactPattern.matcher(query).replaceFirst("");
-		if (result.length() == 0) {
+		String result = (query != null) ? artifactPattern.matcher(query).replaceFirst("") : "";
+		if (result.isEmpty()) {
 			return null;
 		}
 		// strip off the trailing & only if the artifact was the first query param
@@ -121,8 +122,9 @@ private String getQueryString(final HttpServletRequest request, final Pattern ar
 	 * Creates a {@link Pattern} that can be passed into the constructor. This allows the
 	 * {@link Pattern} to be reused for every instance of
 	 * {@link DefaultServiceAuthenticationDetails}.
-	 * @param artifactParameterName
-	 * @return
+	 * @param artifactParameterName the artifactParameterName that is removed from the
+	 * current URL. The result becomes the service url. Cannot be null or an empty String.
+	 * @return a {@link Pattern}
 	 */
 	static Pattern createArtifactPattern(String artifactParameterName) {
 		Assert.hasLength(artifactParameterName, "artifactParameterName is expected to have a length");

core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java

@@ -31,6 +31,7 @@
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
+import org.springframework.util.StringUtils;
 
 /**
  * Sources method security metadata from major JSR 250 security annotations.
@@ -108,7 +109,7 @@ private String getRoleWithDefaultPrefix(String role) {
 		if (role == null) {
 			return role;
 		}
-		if (this.defaultRolePrefix == null || this.defaultRolePrefix.length() == 0) {
+		if (!StringUtils.hasLength(this.defaultRolePrefix)) {
 			return role;
 		}
 		if (role.startsWith(this.defaultRolePrefix)) {

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java

@@ -31,13 +31,15 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.util.function.SingletonSupplier;
 
 /**
  * Base root object for use in Spring Security expression evaluations.
  *
  * @author Luke Taylor
  * @author Evgeniy Cheban
+ * @author Ngoc Nhan
  * @since 3.0
  */
 public abstract class SecurityExpressionRoot implements SecurityExpressionOperations {
@@ -167,7 +169,8 @@ public final boolean isFullyAuthenticated() {
 	/**
 	 * Convenience method to access {@link Authentication#getPrincipal()} from
 	 * {@link #getAuthentication()}
-	 * @return
+	 * @return the <code>Principal</code> being authenticated or the authenticated
+	 * principal after authentication.
 	 */
 	public @Nullable Object getPrincipal() {
 		return getAuthentication().getPrincipal();
@@ -228,15 +231,15 @@ public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
 	/**
 	 * Prefixes role with defaultRolePrefix if defaultRolePrefix is non-null and if role
 	 * does not already start with defaultRolePrefix.
-	 * @param defaultRolePrefix
-	 * @param role
-	 * @return
+	 * @param defaultRolePrefix the default prefix to add to roles.
+	 * @param role the role that should be required.
+	 * @return a {@code String} role
 	 */
 	private static String getRoleWithDefaultPrefix(@Nullable String defaultRolePrefix, String role) {
 		if (role == null) {
 			return role;
 		}
-		if (defaultRolePrefix == null || defaultRolePrefix.length() == 0) {
+		if (!StringUtils.hasLength(defaultRolePrefix)) {
 			return role;
 		}
 		if (role.startsWith(defaultRolePrefix)) {

crypto/src/main/java/org/springframework/security/crypto/password/AbstractValidatingPasswordEncoder.java

@@ -18,6 +18,14 @@
 
 import org.jspecify.annotations.Nullable;
 
+import org.springframework.util.StringUtils;
+
+/**
+ * Implementation of PasswordEncoder.
+ *
+ * @author Rob Winch
+ * @since 7.0
+ */
 public abstract class AbstractValidatingPasswordEncoder implements PasswordEncoder {
 
 	@Override
@@ -32,21 +40,20 @@ public abstract class AbstractValidatingPasswordEncoder implements PasswordEncod
 
 	@Override
 	public final boolean matches(@Nullable CharSequence rawPassword, @Nullable String encodedPassword) {
-		if (rawPassword == null || rawPassword.length() == 0 || encodedPassword == null
-				|| encodedPassword.length() == 0) {
-			return false;
+		if (StringUtils.hasLength(rawPassword) && StringUtils.hasLength(encodedPassword)) {
+			return matchesNonNull(rawPassword.toString(), encodedPassword);
 		}
-		return matchesNonNull(rawPassword.toString(), encodedPassword);
+		return false;
 	}
 
 	protected abstract boolean matchesNonNull(String rawPassword, String encodedPassword);
 
 	@Override
 	public final boolean upgradeEncoding(@Nullable String encodedPassword) {
-		if (encodedPassword == null || encodedPassword.length() == 0) {
-			return false;
+		if (StringUtils.hasLength(encodedPassword)) {
+			return upgradeEncodingNonNull(encodedPassword);
 		}
-		return upgradeEncodingNonNull(encodedPassword);
+		return false;
 	}
 
 	protected boolean upgradeEncodingNonNull(String encodedPassword) {

web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java

@@ -16,7 +16,6 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
-import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
@@ -59,6 +58,7 @@
  * @author Rob Winch
  * @author Eddú Meléndez
  * @author Onur Kagan Ozcan
+ * @author Ngoc Nhan
  * @since 2.0
  */
 public abstract class AbstractRememberMeServices
@@ -129,7 +129,7 @@ public Authentication autoLogin(HttpServletRequest request, HttpServletResponse
 			return null;
 		}
 		this.logger.debug("Remember-me cookie detected");
-		if (rememberMeCookie.length() == 0) {
+		if (rememberMeCookie.isEmpty()) {
 			this.logger.debug("Cookie was empty");
 			cancelCookie(request, response);
 			return null;
@@ -170,7 +170,7 @@ public Authentication autoLogin(HttpServletRequest request, HttpServletResponse
 	 */
 	protected String extractRememberMeCookie(HttpServletRequest request) {
 		Cookie[] cookies = request.getCookies();
-		if ((cookies == null) || (cookies.length == 0)) {
+		if (cookies == null) {
 			return null;
 		}
 		for (Cookie cookie : cookies) {
@@ -220,12 +220,7 @@ protected String[] decodeCookie(String cookieValue) throws InvalidCookieExceptio
 		}
 		String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, DELIMITER);
 		for (int i = 0; i < tokens.length; i++) {
-			try {
-				tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.toString());
-			}
-			catch (UnsupportedEncodingException ex) {
-				this.logger.error(ex.getMessage(), ex);
-			}
+			tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8);
 		}
 		return tokens;
 	}
@@ -238,12 +233,7 @@ protected String[] decodeCookie(String cookieValue) throws InvalidCookieExceptio
 	protected String encodeCookie(String[] cookieTokens) {
 		StringBuilder sb = new StringBuilder();
 		for (int i = 0; i < cookieTokens.length; i++) {
-			try {
-				sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.toString()));
-			}
-			catch (UnsupportedEncodingException ex) {
-				this.logger.error(ex.getMessage(), ex);
-			}
+			sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8));
 			if (i < cookieTokens.length - 1) {
 				sb.append(DELIMITER);
 			}
@@ -382,7 +372,7 @@ protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request
 
 	private String getCookiePath(HttpServletRequest request) {
 		String contextPath = request.getContextPath();
-		return (contextPath.length() > 0) ? contextPath : "/";
+		return contextPath.isEmpty() ? "/" : contextPath;
 	}
 
 	/**

web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java

@@ -43,6 +43,7 @@
  * bypassed by the malicious addition of parameters to the path component.
  *
  * @author Luke Taylor
+ * @author Ngoc Nhan
  */
 final class RequestWrapper extends FirewalledRequest {
 
@@ -56,7 +57,7 @@ final class RequestWrapper extends FirewalledRequest {
 		super(request);
 		this.strippedServletPath = strip(request.getServletPath());
 		String pathInfo = strip(request.getPathInfo());
-		if (pathInfo != null && pathInfo.length() == 0) {
+		if (pathInfo != null && pathInfo.isEmpty()) {
 			pathInfo = null;
 		}
 		this.strippedPathInfo = pathInfo;

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java

@@ -36,6 +36,7 @@
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
 /**
@@ -58,6 +59,7 @@
  * @author Andrey Grebnev
  * @author Ben Alex
  * @author Luke Taylor
+ * @author Ngoc Nhan
  */
 public class DefaultSavedRequest implements SavedRequest {
 
@@ -206,21 +208,17 @@ private void addLocale(Locale locale) {
 	 * @since 4.2
 	 */
 	private void addParameters(Map<String, String[]> parameters) {
-		if (!ObjectUtils.isEmpty(parameters)) {
-			for (String paramName : parameters.keySet()) {
-				Object paramValues = parameters.get(paramName);
-				if (paramValues instanceof String[]) {
-					this.addParameter(paramName, (String[]) paramValues);
-				}
-				else {
-					logger.warn("ServletRequest.getParameterMap() returned non-String array");
-				}
-			}
+		if (ObjectUtils.isEmpty(parameters)) {
+			return;
 		}
-	}
 
-	private void addParameter(String name, String[] values) {
-		this.parameters.put(name, values);
+		for (Map.Entry<String, String[]> entry : parameters.entrySet()) {
+			String name = entry.getKey();
+			String[] values = entry.getValue();
+			if (values != null) {
+				this.parameters.put(name, values);
+			}
+		}
 	}
 
 	/**
@@ -378,7 +376,7 @@ private static String createQueryString(String queryString, String matchingReque
 		if (matchingRequestParameterName == null) {
 			return queryString;
 		}
-		if (queryString == null || queryString.length() == 0) {
+		if (!StringUtils.hasLength(queryString)) {
 			return matchingRequestParameterName;
 		}
 		return UriComponentsBuilder.newInstance()

web/src/main/java/org/springframework/security/web/util/TextEscapeUtils.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.util;
 
+import org.springframework.util.StringUtils;
+
 /**
  * Internal utility for escaping characters in HTML strings.
  *
@@ -25,7 +27,7 @@
 public abstract class TextEscapeUtils {
 
 	public static String escapeEntities(String s) {
-		if (s == null || s.length() == 0) {
+		if (!StringUtils.hasLength(s)) {
 			return s;
 		}
 		StringBuilder sb = new StringBuilder();

web/src/test/java/org/springframework/security/web/firewall/RequestWrapperTests.java

@@ -73,7 +73,7 @@ public void pathParametersAreRemovedFromPathInfo() {
 			String path = entry.getKey();
 			String expectedResult = entry.getValue();
 			// Should be null when stripped value is empty
-			if (expectedResult.length() == 0) {
+			if (expectedResult.isEmpty()) {
 				expectedResult = null;
 			}
 			request.setPathInfo(path);