From 0782228914b46919a0bfc126e0045eed92565957 Mon Sep 17 00:00:00 2001 From: Clement Stoquart Date: Thu, 28 Nov 2019 15:45:37 +0100 Subject: [PATCH] fix: make Saml2Authentication serializable --- .../OpenSamlAuthenticationProvider.java | 2 +- .../Saml2AuthenticatedPrincipal.java | 28 +++++++++++++ .../SimpleSaml2AuthenticatedPrincipal.java | 39 +++++++++++++++++++ .../OpenSamlAuthenticationProviderTests.java | 26 +++++++++++++ ...impleSaml2AuthenticatedPrincipalTests.java | 30 ++++++++++++++ 5 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipal.java create mode 100644 saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipalTests.java diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java index a6e5034d23..900f3cd820 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java @@ -178,7 +178,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi Assertion assertion = validateSaml2Response(token, token.getRecipientUri(), samlResponse); String username = getUsername(token, assertion); return new Saml2Authentication( - () -> username, token.getSaml2Response(), + new SimpleSaml2AuthenticatedPrincipal(username), token.getSaml2Response(), this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)) ); } catch (Saml2AuthenticationException e) { diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java new file mode 100644 index 0000000000..5767b55e41 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java @@ -0,0 +1,28 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.saml2.provider.service.authentication; + +import org.springframework.security.core.AuthenticatedPrincipal; + +/** + * Saml2 representation of an {@link AuthenticatedPrincipal}. + * + * @author Clement Stoquart + * @since 5.3 + */ +public interface Saml2AuthenticatedPrincipal extends AuthenticatedPrincipal { +} diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipal.java new file mode 100644 index 0000000000..8592571037 --- /dev/null +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipal.java @@ -0,0 +1,39 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.saml2.provider.service.authentication; + +import java.io.Serializable; + +/** + * Default implementation of a {@link Saml2AuthenticatedPrincipal}. + * + * @author Clement Stoquart + * @since 5.3 + */ +class SimpleSaml2AuthenticatedPrincipal implements Saml2AuthenticatedPrincipal, Serializable { + + private final String name; + + SimpleSaml2AuthenticatedPrincipal(String name) { + this.name = name; + } + + @Override + public String getName() { + return this.name; + } +} diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java index 3424270b87..387302323e 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java @@ -16,6 +16,10 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.ObjectOutputStream; + import org.springframework.security.core.Authentication; import org.hamcrest.BaseMatcher; @@ -346,6 +350,28 @@ public class OpenSamlAuthenticationProviderTests { provider.authenticate(token); } + @Test + public void writeObjectWhenTypeIsSaml2AuthenticationThenNoException() throws IOException { + Response response = response(recipientUri, idpEntityId); + Assertion assertion = defaultAssertion(); + signXmlObject( + assertion, + assertingPartyCredentials(), + recipientEntityId + ); + EncryptedAssertion encryptedAssertion = encryptAssertion(assertion, assertingPartyCredentials()); + response.getEncryptedAssertions().add(encryptedAssertion); + token = responseXml(response, idpEntityId); + + Saml2Authentication authentication = (Saml2Authentication) provider.authenticate(token); + + // the following code will throw an exception if authentication isn't serializable + ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024); + ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream); + objectOutputStream.writeObject(authentication); + objectOutputStream.flush(); + } + private Assertion defaultAssertion() { return assertion( username, diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipalTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipalTests.java new file mode 100644 index 0000000000..5948ab7ca9 --- /dev/null +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/SimpleSaml2AuthenticatedPrincipalTests.java @@ -0,0 +1,30 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.saml2.provider.service.authentication; + +import org.junit.Assert; +import org.junit.Test; + +public class SimpleSaml2AuthenticatedPrincipalTests { + + @Test + public void createSimpleSaml2AuthenticatedPrincipal() { + SimpleSaml2AuthenticatedPrincipal principal = new SimpleSaml2AuthenticatedPrincipal("user"); + + Assert.assertEquals("user", principal.getName()); + } +}