From 8e2995f67916d7dacba6f24aee09916b5c41ceae Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Tue, 30 Jun 2026 18:25:26 +0700 Subject: [PATCH 1/2] Add `@Nullable` to `OidcSessionRegistry#removeSessionInformation` Closes gh-19403 Signed-off-by: Tran Ngoc Nhan --- .../client/oidc/session/InMemoryOidcSessionRegistry.java | 2 +- .../oauth2/client/oidc/session/OidcSessionRegistry.java | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java index 13da5be113b..ffcba6a0372 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java @@ -50,7 +50,7 @@ public void saveSessionInformation(OidcSessionInformation info) { } @Override - public OidcSessionInformation removeSessionInformation(String clientSessionId) { + public @Nullable OidcSessionInformation removeSessionInformation(String clientSessionId) { OidcSessionInformation information = this.sessions.remove(clientSessionId); if (information != null) { this.logger.trace("Removed client session"); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java index e984dd5eeed..90734b85653 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.client.oidc.session; +import org.jspecify.annotations.Nullable; import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken; /** @@ -44,7 +45,7 @@ public interface OidcSessionRegistry { * @param clientSessionId the client session * @return any found {@link OidcSessionInformation}, could be {@code null} */ - OidcSessionInformation removeSessionInformation(String clientSessionId); + @Nullable OidcSessionInformation removeSessionInformation(String clientSessionId); /** * Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token From 8792649cfb278768801183d5dcac5350641b0790 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Tue, 30 Jun 2026 18:45:50 +0700 Subject: [PATCH 2/2] Fix checkstyle Signed-off-by: Tran Ngoc Nhan --- .../security/oauth2/client/oidc/session/OidcSessionRegistry.java | 1 + 1 file changed, 1 insertion(+) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java index 90734b85653..ab0dfee49ae 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java @@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.oidc.session; import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken; /**