Saml2LogoutRequestMixin relayState property should be binding

Closes gh-12539
This commit is contained in:
Marcus Da Coregio 2023-01-26 11:20:08 -03:00
parent d8eadd2207
commit 2af78c19ab
2 changed files with 18 additions and 3 deletions

View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -53,7 +53,7 @@ class Saml2LogoutRequestMixin {
@JsonCreator @JsonCreator
Saml2LogoutRequestMixin(@JsonProperty("location") String location, Saml2LogoutRequestMixin(@JsonProperty("location") String location,
@JsonProperty("relayState") Saml2MessageBinding relayState, @JsonProperty("binding") Saml2MessageBinding binding,
@JsonProperty("parameters") Map<String, String> parameters, @JsonProperty("id") String id, @JsonProperty("parameters") Map<String, String> parameters, @JsonProperty("id") String id,
@JsonProperty("relyingPartyRegistrationId") String relyingPartyRegistrationId) { @JsonProperty("relyingPartyRegistrationId") String relyingPartyRegistrationId) {
} }

View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -19,6 +19,8 @@ package org.springframework.security.saml2.jackson2;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -52,6 +54,19 @@ class Saml2LogoutRequestMixinTests {
@Test @Test
void shouldDeserialize() throws Exception { void shouldDeserialize() throws Exception {
deserializeAndAssertRequest();
}
// gh-12539
@Test
void shouldDeserializeWhenFailOnMissingCreatorPropertiesEnabled() throws Exception {
// Jackson will use reflection to initialize the binding property if this is not
// enabled
this.mapper.configure(DeserializationFeature.FAIL_ON_MISSING_CREATOR_PROPERTIES, true);
deserializeAndAssertRequest();
}
private void deserializeAndAssertRequest() throws JsonProcessingException {
Saml2LogoutRequest logoutRequest = this.mapper.readValue(TestSaml2JsonPayloads.DEFAULT_LOGOUT_REQUEST_JSON, Saml2LogoutRequest logoutRequest = this.mapper.readValue(TestSaml2JsonPayloads.DEFAULT_LOGOUT_REQUEST_JSON,
Saml2LogoutRequest.class); Saml2LogoutRequest.class);