Fix compiler warnings in spring-security-acl

Bae Jihong · rwinch · commit e4615fa9c07e · 2026-02-02T13:36:54.000-06:00
- Use asSubclass() in AclClassIdUtils to avoid a unchecked cast warning - Replace raw Map type with Map<?, ?> unbounded wildcard to avoid raw type warnings - Use ArgumentMatchers to avoid a unchecked cast warning - Suppress an unavoidable unchecked warning in reflection-based test code Closes gh-18413 Signed-off-by: Bae Jihong <dasog@naver.com>
diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java b/acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
@@ -87,7 +87,7 @@ private boolean hasValidClassIdType(ResultSet resultSet) {
 		}
 	}
 
-	private <T extends Serializable> @Nullable Class<T> classIdTypeFrom(ResultSet resultSet) throws SQLException {
+	private @Nullable Class<? extends Serializable> classIdTypeFrom(ResultSet resultSet) throws SQLException {
 		try {
 			return classIdTypeFrom(resultSet.getString(DEFAULT_CLASS_ID_TYPE_COLUMN_NAME));
 		}
@@ -97,17 +97,21 @@ private boolean hasValidClassIdType(ResultSet resultSet) {
 		}
 	}
 
-	private <T extends Serializable> @Nullable Class<T> classIdTypeFrom(String className) {
+	private @Nullable Class<? extends Serializable> classIdTypeFrom(String className) {
 		if (className == null) {
 			return null;
 		}
 		try {
-			return (Class) Class.forName(className);
+			return Class.forName(className).asSubclass(Serializable.class);
 		}
 		catch (ClassNotFoundException ex) {
 			log.debug("Unable to find class id type on classpath", ex);
 			return null;
 		}
+		catch (ClassCastException ex) {
+			log.debug("Class id type is not a Serializable type", ex);
+			return null;
+		}
 	}
 
 	private <T> boolean canConvertFromStringTo(Class<T> targetType) {
diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
@@ -478,6 +478,7 @@ public void maskPermissionGrantingStrategy() {
 	}
 
 	@Test
+	@SuppressWarnings("unchecked")
 	public void hashCodeWithoutStackOverFlow() throws Exception {
 		Sid sid = new PrincipalSid("pSid");
 		ObjectIdentity oid = new ObjectIdentityImpl("type", 1);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
@@ -29,6 +29,7 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentMatchers;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
@@ -46,7 +47,6 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
@@ -109,7 +109,8 @@ public void findOneChildren() {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
-		given(this.jdbcOperations.query(anyString(), any(RowMapper.class), eq(args))).willReturn(result);
+		given(this.jdbcOperations.query(anyString(), ArgumentMatchers.<RowMapper<ObjectIdentity>>any(), eq(args)))
+			.willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities).hasSize(1);
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
@@ -80,11 +80,10 @@ public void constructorRejectsNullParameters() {
 		assertThatIllegalArgumentException().isThrownBy(() -> new SpringCacheBasedAclCache(null, null, null));
 	}
 
-	@SuppressWarnings("rawtypes")
 	@Test
 	public void cacheOperationsAclWithoutParent() {
 		Cache cache = getCache();
-		Map realCache = (Map) cache.getNativeCache();
+		Map<?, ?> realCache = (Map<?, ?>) cache.getNativeCache();
 		ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
 		AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
 				new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
@@ -116,11 +115,10 @@ public void cacheOperationsAclWithoutParent() {
 		assertThat(realCache).isEmpty();
 	}
 
-	@SuppressWarnings("rawtypes")
 	@Test
 	public void cacheOperationsAclWithParent() throws Exception {
 		Cache cache = getCache();
-		Map realCache = (Map) cache.getNativeCache();
+		Map<?, ?> realCache = (Map<?, ?>) cache.getNativeCache();
 		Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
 		auth.setAuthenticated(true);
 		SecurityContextHolder.getContext().setAuthentication(auth);

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ private boolean hasValidClassIdType(ResultSet resultSet) {`
`87`	`87`	`}`
`88`	`88`	`}`
`89`	`89`
`90`		`- private <T extends Serializable> @Nullable Class<T> classIdTypeFrom(ResultSet resultSet) throws SQLException {`
	`90`	`+ private @Nullable Class<? extends Serializable> classIdTypeFrom(ResultSet resultSet) throws SQLException {`
`91`	`91`	`try {`
`92`	`92`	`return classIdTypeFrom(resultSet.getString(DEFAULT_CLASS_ID_TYPE_COLUMN_NAME));`
`93`	`93`	`}`
`@@ -97,17 +97,21 @@ private boolean hasValidClassIdType(ResultSet resultSet) {`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`
`100`		`- private <T extends Serializable> @Nullable Class<T> classIdTypeFrom(String className) {`
	`100`	`+ private @Nullable Class<? extends Serializable> classIdTypeFrom(String className) {`
`101`	`101`	`if (className == null) {`
`102`	`102`	`return null;`
`103`	`103`	`}`
`104`	`104`	`try {`
`105`		`- return (Class) Class.forName(className);`
	`105`	`+ return Class.forName(className).asSubclass(Serializable.class);`
`106`	`106`	`}`
`107`	`107`	`catch (ClassNotFoundException ex) {`
`108`	`108`	`log.debug("Unable to find class id type on classpath", ex);`
`109`	`109`	`return null;`
`110`	`110`	`}`
	`111`	`+ catch (ClassCastException ex) {`
	`112`	`+ log.debug("Class id type is not a Serializable type", ex);`
	`113`	`+ return null;`
	`114`	`+ }`
`111`	`115`	`}`
`112`	`116`
`113`	`117`	`private <T> boolean canConvertFromStringTo(Class<T> targetType) {`
Original file line number	Diff line number	Diff line change
`@@ -478,6 +478,7 @@ public void maskPermissionGrantingStrategy() {`
`478`	`478`	`}`
`479`	`479`
`480`	`480`	`@Test`
	`481`	`+ @SuppressWarnings("unchecked")`
`481`	`482`	`public void hashCodeWithoutStackOverFlow() throws Exception {`
`482`	`483`	`Sid sid = new PrincipalSid("pSid");`
`483`	`484`	`ObjectIdentity oid = new ObjectIdentityImpl("type", 1);`