RequestHeaderAuthenticationFilter#getPreAuthenticatedPrincipal should be declared @Nullable #18046
Description
Describe the bug
While AbstractPreAuthenticatedProcessingFilter::getPreAuthenticatedPrincipal is correctly annotated with @Nullable, the overriden method in RequestHeaderAuthenticationFilter is missing the annotation resulting in compilation errors when using Kotlin
To Reproduce
Create a Kotlin class that extends RequestHeaderAuthenticationFilter and override getPreAuthenticatedPrincipal.
Kotlin insists on non-nullable types, making null checks and null return values impossible.
Expected behavior
The return type should be correctly annotated with @Nullable, allowing null checks in Kotlin code overriding this method.
Sample
class EntraCompatibleRequestHeaderAuthenticationFilter : RequestHeaderAuthenticationFilter() {
override fun getPreAuthenticatedPrincipal(request: HttpServletRequest): String {
return super.getPreAuthenticatedPrincipal(request).toString().substringBefore('@')
}
}
but should be
class EntraCompatibleRequestHeaderAuthenticationFilter : RequestHeaderAuthenticationFilter() {
override fun getPreAuthenticatedPrincipal(request: HttpServletRequest): String? {
return super.getPreAuthenticatedPrincipal(request)?.toString()?.substringBefore('@')
}
}