Skip to content

Return type of oauth2.core.ClaimAccessor#containsClaim(String) could be a primitive boolean #9201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
grimsa opened this issue Nov 13, 2020 · 7 comments
Closed

Return type of oauth2.core.ClaimAccessor#containsClaim(String) could be a primitive boolean #9201

grimsa opened this issue Nov 13, 2020 · 7 comments
Assignees
@grimsa
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.5.0-M2

Comments

@grimsa
Copy link
Contributor

grimsa commented Nov 13, 2020

Current Behavior

In org.springframework.security.oauth2.core.ClaimAccessor interface there is a containsClaim method:

	/**
	 * Returns {@code true} if the claim exists in {@link #getClaims()}, otherwise {@code false}.
	 *
	 * @param claim the name of the claim
	 * @return {@code true} if the claim exists, otherwise {@code false}
	 */
	default Boolean containsClaim(String claim) {
		Assert.notNull(claim, "claim cannot be null");
		return getClaims().containsKey(claim);
	}

Return type of this method is a nullable Boolean.

Expected Behavior

It seems the method could return a non-nullable primitive boolean. This is supported by all of:

  • javadoc - not mentioning null return value
  • default implementation - Map#containsKey returning primitive boolean
  • use in other methods assumes non-null values, e.g. return !containsClaim(claim) ? ... : ...

Context

Noticed this when SonarQube marked if (!accessTokenJwt.containsClaim(CUSTOM_CLAIM)) { code as non-compliant for rule Boxed "Boolean" should be avoided in boolean expressions.
@grimsa grimsa added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Nov 13, 2020
@jgrandja
Copy link
Contributor

@grimsa It's not clear to me if you are reporting an issue?

Return type of this method is a nullable Boolean.

null is never returned. It's always a boolean?

Which code are you referencing in if (!accessTokenJwt.containsClaim(CUSTOM_CLAIM))?

@jgrandja jgrandja self-assigned this Nov 16, 2020
@jgrandja jgrandja added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Nov 16, 2020
@grimsa
Copy link
Contributor Author

grimsa commented Nov 16, 2020

@jgrandja I'm referencing ClaimAccessor#containsClaim (in the provided example accessTokenJwt is instance of ClaimAccessor).

My observation is - if null is never returned from containsClaim method, then why is the return type Boolean (which leads to false positives during static analysis) and not boolean?

It is definitely not a bug, just a possibility for minor enhancement.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Nov 16, 2020
@jgrandja
Copy link
Contributor

@grimsa What enhancement are you proposing? Change return type from Boolean to boolean OR improve javadoc?

@jgrandja jgrandja added status: waiting-for-feedback We need additional information before we can continue and removed status: feedback-provided Feedback has been provided labels Nov 19, 2020
@grimsa
Copy link
Contributor Author

grimsa commented Nov 19, 2020

Changing to boolean would be preferable.
If that is not possible, then Javadoc could be improved to explain why.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Nov 19, 2020
@jgrandja
Copy link
Contributor

Changing return type to boolean would break compatibility for any 5.x version. We could update the javadoc. Would you be interested in submitting a PR for this?

@grimsa
Copy link
Contributor Author

grimsa commented Nov 19, 2020

Sure. Let me know what the javadoc should be and I'll create a PR with that change.
Or maybe this should target 6.x instead?

@jgrandja
Copy link
Contributor

@grimsa On second thought...

Let's @Deprecated:

Boolean containsClaim(String claim)

And add:

boolean hasClaim(String claim)

We should also ensure there are no reference to containsClaim() within the codebase.

Sound good?

@jgrandja jgrandja added this to the 5.5.0-M2 milestone Nov 24, 2020
@jgrandja jgrandja added type: enhancement A general enhancement and removed status: feedback-provided Feedback has been provided labels Nov 24, 2020
@jgrandja jgrandja assigned grimsa and unassigned jgrandja Nov 24, 2020
@grimsa grimsa mentioned this issue Nov 24, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@grimsa grimsa

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.5.0-M2
Development

Successfully merging a pull request may close this issue.

Added ClaimAccessor#hasClaim
3 participants
@grimsa @jgrandja @spring-projects-issues