From 0c696dd58b0c1cd0b5bcd7961b8dbd3d96251d3e Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 18 Aug 2020 13:53:38 -0600 Subject: [PATCH] Remove XSAnyMarshaller AttributeValue Support In favor of customizing the authentication converter Closes gh-8864 --- .../OpenSamlAuthenticationProvider.java | 18 +---------- .../OpenSamlAuthenticationProviderTests.java | 32 ------------------- .../authentication/TestOpenSamlObjects.java | 3 +- 3 files changed, 3 insertions(+), 50 deletions(-) diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java index 25e4350a17..d9e4c3736c 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java @@ -34,7 +34,6 @@ import javax.xml.namespace.QName; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.xml.ParserPool; -import net.shibboleth.utilities.java.support.xml.SerializeSupport; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.joda.time.DateTime; @@ -42,8 +41,6 @@ import org.opensaml.core.config.ConfigurationService; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.config.XMLObjectProviderRegistry; -import org.opensaml.core.xml.io.Marshaller; -import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.core.xml.schema.XSAny; import org.opensaml.core.xml.schema.XSBoolean; import org.opensaml.core.xml.schema.XSBooleanValue; 
@@ -520,7 +517,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi private Object getXmlObjectValue(XMLObject xmlObject) { if (xmlObject instanceof XSAny) { - return getXSAnyObjectValue((XSAny) xmlObject); + return ((XSAny) xmlObject).getTextContent(); } if (xmlObject instanceof XSString) { return ((XSString) xmlObject).getValue(); @@ -542,19 +539,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi return null; } - private Object getXSAnyObjectValue(XSAny xsAny) { - Marshaller marshaller = this.registry.getMarshallerFactory().getMarshaller(xsAny); - if (marshaller != null) { - try { - Element element = marshaller.marshall(xsAny); - return SerializeSupport.nodeToString(element); - } catch (MarshallingException e) { - throw new Saml2Exception(e); - } - } - return xsAny.getTextContent(); - } - private static class SignatureTrustEngineConverter implements Converter { @Override diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java index d438f39e63..54033535e1 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java 
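Review bot: The new `return ((XSAny) xmlObject).getTextContent();` narrows what an XSAny attribute value contributes to the principal: where the removed helper serialized the whole element, a value whose content is child elements rather than text now presumably yields null, and that decision is recorded only in the commit message, not in the code a future maintainer reads. A one-line comment on the branch would keep the intent visible, e.g. `// only text content is exposed; structured AttributeValue XML must be handled by a custom authentication converter (gh-8864)`. The same narrowing applies to the `XSAny` branch only; the `XSString` branch below it is unchanged. getXmlObjectValue's body continues outside the hunk.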
@@ -41,13 +41,11 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.opensaml.core.xml.XMLObject;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.Marshaller;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.saml.common.assertion.ValidationContext;
 import org.opensaml.saml.saml2.core.Assertion;
 import org.opensaml.saml.saml2.core.AttributeStatement;
-import org.opensaml.saml.saml2.core.AttributeValue;
 import org.opensaml.saml.saml2.core.EncryptedAssertion;
 import org.opensaml.saml.saml2.core.EncryptedID;
 import org.opensaml.saml.saml2.core.NameID;
@@ -257,29 +255,6 @@ public class OpenSamlAuthenticationProviderTests { assertThat(principal.getAttributes()).isEqualTo(expected); } - @Test - public void authenticateWhenAttributeValueMarshallerConfiguredThenUses() throws Exception { - Response response = response(); - Assertion assertion = assertion(); - List attributes = attributeStatements(); - assertion.getAttributeStatements().addAll(attributes); - signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID); - response.getAssertions().add(assertion); - Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential()); - - Element attributeElement = element("value"); - Marshaller marshaller = mock(Marshaller.class); - when(marshaller.marshall(any(XMLObject.class))).thenReturn(attributeElement); - - try { - XMLObjectProviderRegistrySupport.getMarshallerFactory().registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller); - this.provider.authenticate(token); - verify(marshaller, atLeastOnce()).marshall(any(XMLObject.class)); - } finally { - XMLObjectProviderRegistrySupport.getMarshallerFactory().deregisterMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME); - } - } - @Test public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception { this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE)); @@ -504,11 +479,4 @@ public class OpenSamlAuthenticationProviderTests { return new Saml2AuthenticationToken(payload, DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, Arrays.asList(credentials)); } - - private static Element element(String xml) throws Exception { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.parse(new InputSource(new StringReader(xml))); - return doc.getDocumentElement(); - } } 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java index 9267ef93dd..80d649bd3a 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java @@ -312,7 +312,8 @@ final class TestOpenSamlObjects { Attribute emailAttr = attributeBuilder.buildObject(); emailAttr.setName("email"); - XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME); + XSAny email1 = new XSAnyBuilder() + .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME); // gh-8864 email1.setTextContent("john.doe@example.com"); emailAttr.getAttributeValues().add(email1); XSAny email2 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
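Review bot: The `// gh-8864` tag on the added `.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME)` line names the issue but not why `email1` now carries an explicit schema type while `email2`, built two lines later with `buildObject(AttributeValue.DEFAULT_ELEMENT_NAME)` alone, does not. A reader of the fixture cannot tell whether the asymmetry is deliberate (one typed and one untyped value so both shapes reach the provider) or an oversight left over from the refactor. Suggest either stating the intent in the comment, e.g. `// gh-8864: email1 carries an explicit xsi:type, email2 deliberately does not`, or building `email2` the same way if the difference is not intended. The enclosing fixture method starts outside the hunk.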