Resolve feedback

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>

cas/src/main/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetails.java

@@ -72,13 +72,13 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 
 	@Override
 	public boolean equals(Object obj) {
-		if (super.equals(obj)) {
+		if (this == obj) {
 			return true;
 		}
-		if (obj instanceof DefaultServiceAuthenticationDetails that) {
+		if (!(obj instanceof DefaultServiceAuthenticationDetails that)) {
-			return this.serviceUrl.equals(that.getServiceUrl());
+			return false;
 		}
-		return false;
+		return this.serviceUrl.equals(that.getServiceUrl());
 	}
 
 	@Override
@@ -111,7 +111,10 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails
 	 */
 	private @Nullable String getQueryString(final HttpServletRequest request, final Pattern artifactPattern) {
 		final String query = request.getQueryString();
-		String result = (query != null) ? artifactPattern.matcher(query).replaceFirst("") : "";
+		if (query == null) {
+			return null;
+		}
+		String result = artifactPattern.matcher(query).replaceFirst("");
 		if (result.isEmpty()) {
 			return null;
 		}

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java

@@ -208,7 +208,8 @@ public abstract class SecurityExpressionRoot<T extends @Nullable Object> impleme
 	/**
 	 * Convenience method to access {@link Authentication#getPrincipal()} from
 	 * {@link #getAuthentication()}
-	 * @return
+	 * @return the {@code Principal} being authenticated or the authenticated principal
+	 * after authentication.
 	 */
 	public @Nullable Object getPrincipal() {
 		return getAuthentication().getPrincipal();

crypto/src/main/java/org/springframework/security/crypto/password/AbstractValidatingPasswordEncoder.java

@@ -21,7 +21,11 @@ import org.jspecify.annotations.Nullable;
 import org.springframework.util.StringUtils;
 
 /**
- * Implementation of PasswordEncoder.
+ * An abstract {@link PasswordEncoder} that implementers can use for expecting the
+ * password to be non-{@code null}. Each common password API method is accompanied with an
+ * abstract method with a {@code NonNull} prefix. By implementing this, the concrete class
+ * is specifying what to do with the password when it is non-{@code null}, allowing this
+ * class to handle the {@code null} case.
  *
  * @author Rob Winch
  * @since 7.0
@@ -50,10 +54,10 @@ public abstract class AbstractValidatingPasswordEncoder implements PasswordEncod
 
 	@Override
 	public final boolean upgradeEncoding(@Nullable String encodedPassword) {
-		if (StringUtils.hasLength(encodedPassword)) {
+		if (!StringUtils.hasLength(encodedPassword)) {
-			return upgradeEncodingNonNull(encodedPassword);
+			return false;
 		}
-		return false;
+		return upgradeEncodingNonNull(encodedPassword);
 	}
 
 	protected boolean upgradeEncodingNonNull(String encodedPassword) {

web/src/main/java/org/springframework/security/web/firewall/RequestWrapper.java

@@ -25,6 +25,7 @@ import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import org.jspecify.annotations.Nullable;
+import org.springframework.util.StringUtils;
 
 /**
  * Request wrapper which ensures values of {@code servletPath} and {@code pathInfo} are
@@ -58,7 +59,7 @@ final class RequestWrapper extends FirewalledRequest {
 		super(request);
 		this.strippedServletPath = strip(request.getServletPath());
 		String pathInfo = strip(request.getPathInfo());
-		if (pathInfo != null && pathInfo.isEmpty()) {
+		if (!StringUtils.hasLength(pathInfo)) {
 			pathInfo = null;
 		}
 		this.strippedPathInfo = pathInfo;

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java

@@ -36,6 +36,7 @@ import org.jspecify.annotations.Nullable;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
 /**
@@ -100,7 +101,7 @@ public class DefaultSavedRequest implements SavedRequest {
 	private final @Nullable String matchingRequestParameterName;
 
 	public DefaultSavedRequest(HttpServletRequest request) {
-		this(request, (String) null);
+		this(request, null);
 	}
 
 	public DefaultSavedRequest(HttpServletRequest request, @Nullable String matchingRequestParameterName) {
@@ -193,21 +194,17 @@ public class DefaultSavedRequest implements SavedRequest {
 	 * @since 4.2
 	 */
 	private void addParameters(Map<String, String[]> parameters) {
-		if (!ObjectUtils.isEmpty(parameters)) {
+		if (ObjectUtils.isEmpty(parameters)) {
-			for (String paramName : parameters.keySet()) {
+			return;
-				Object paramValues = parameters.get(paramName);
-				if (paramValues instanceof String[]) {
-					this.addParameter(paramName, (String[]) paramValues);
-				}
-				else {
-					logger.warn("ServletRequest.getParameterMap() returned non-String array");
-				}
-			}
 		}
-	}
 
-	private void addParameter(String name, String[] values) {
+		for (Map.Entry<String, String[]> entry : parameters.entrySet()) {
-		this.parameters.put(name, values);
+			String name = entry.getKey();
+			String[] values = entry.getValue();
+			if (values != null) {
+				this.parameters.put(name, values);
+			}
+		}
 	}
 
 	public @Nullable String getContextPath() {
@@ -301,16 +298,6 @@ public class DefaultSavedRequest implements SavedRequest {
 		return this.servletPath;
 	}
 
-	private boolean propertyEquals(@Nullable Object arg1, Object arg2) {
-		if ((arg1 == null) && (arg2 == null)) {
-			return true;
-		}
-		if (arg1 == null || arg2 == null) {
-			return false;
-		}
-		return arg1.equals(arg2);
-	}
-
 	@Override
 	public String toString() {
 		return "DefaultSavedRequest [" + getRedirectUrl() + "]";
@@ -321,7 +308,7 @@ public class DefaultSavedRequest implements SavedRequest {
 		if (matchingRequestParameterName == null) {
 			return queryString;
 		}
-		if (queryString == null || queryString.length() == 0) {
+		if (!StringUtils.hasLength(queryString)) {
 			return matchingRequestParameterName;
 		}
 		return UriComponentsBuilder.newInstance()