Why can't SessionConcurrencyDslTests have a null value below?
val isAdmin: AuthorizationManager<Any> = AuthorityAuthorizationManager.hasRole("ADMIN")
http {
sessionManagement {
sessionConcurrency {
maximumSessions {
authentication -> if (isAdmin.authorize({ authentication }, "")!!.isGranted) -1 else 1 // why can't "" be changed to null here?
}
maxSessionsPreventsLogin = true
}
}
formLogin { }
}
return http.build()
Comment From: sjohnr
I'm adding this comment here instead of opening a new issue, as I believe this issue will address it:
In gh-17667 (a5c38bdc9442992add3ccdee3728c65eaaae1ff5), the AuthorizationManager interface can have a nullable generic type. Since nullability of generic types comes from the declaration of the type, in the following example,
public final class AuthorityAuthorizationManager<T> implements AuthorizationManager<T> {
...
}
The T is actually still <T extends @NonNull Object> (because of the package-level @NullMarked annotation). To allow for a @Nullable T on this implementation, it should instead be declared as:
public final class AuthorityAuthorizationManager<T extends @Nullable Object> implements AuthorizationManager<T> {
...
}
AuthorizationManager implementations that I believe should be declared as nullable (perhaps there are more, but these at a minimum):
SingleResultAuthorizationManagerAuthenticatedAuthorizationManagerAuthorityAuthorizationManager