Fix SAML 2.0 Javaconfig Sample

Issue gh-9362
2021-01-22 11:18:12 -07:00 · 2021-01-22 11:18:12 -07:00 · 32acb04efe
parent 57dfbeecbb
commit 32acb04efe
5 changed files with 27 additions and 13 deletions
--- a/samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle
+++ b/samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle
@ -5,6 +5,7 @@ dependencies {
 	compile project(':spring-security-config')
 	compile "org.bouncycastle:bcprov-jdk15on"
 	compile "org.bouncycastle:bcpkix-jdk15on"
+	compile slf4jDependencies

 	testCompile project(':spring-security-test')
 }
--- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
+++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
@ -27,6 +27,10 @@ import org.springframework.security.web.session.HttpSessionEventPublisher;
 public class MessageSecurityWebApplicationInitializer extends
 		AbstractSecurityWebApplicationInitializer {

+	public MessageSecurityWebApplicationInitializer() {
+		super(SecurityConfig.class);
+	}
+
 	@Override
 	protected boolean enableHttpSessionEventPublisher() {
 		return true;
--- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -15,6 +15,8 @@
 */
 package org.springframework.security.samples.config;

+
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -23,6 +25,7 @@ import org.springframework.security.converter.RsaKeyConverters;
 import org.springframework.security.saml2.credentials.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;

 import java.io.ByteArrayInputStream;
@ -39,7 +42,8 @@ import static org.springframework.security.saml2.credentials.Saml2X509Credential
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

-	RelyingPartyRegistration getSaml2AuthenticationConfiguration() throws Exception {
+	@Bean
+	RelyingPartyRegistrationRepository getSaml2AuthenticationConfiguration() throws Exception {
 		//remote IDP entity ID
 		String idpEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
 		//remote WebSSO Endpoint - Where to Send AuthNRequests to
@ -53,14 +57,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		//IDP certificate for verification of incoming messages
 		Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();
 		String acsUrlTemplate = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
-		return RelyingPartyRegistration.withRegistrationId(registrationId)
+		return new InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration.withRegistrationId(registrationId)
 				.remoteIdpEntityId(idpEntityId)
 				.idpWebSsoUrl(webSsoEndpoint)
 				.credentials(c -> c.add(signingCredential))
 				.credentials(c -> c.add(idpVerificationCertificate))
 				.localEntityIdTemplate(localEntityIdTemplate)
 				.assertionConsumerServiceUrlTemplate(acsUrlTemplate)
-				.build();
+				.build());
 	}

 	@Override
@ -70,14 +74,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 			.authorizeRequests()
 				.anyRequest().authenticated()
 				.and()
-			.saml2Login()
-				.relyingPartyRegistrationRepository(
-						new InMemoryRelyingPartyRegistrationRepository(
-							getSaml2AuthenticationConfiguration()
-					)
-				)
-				.loginProcessingUrl("/sample/jc/saml2/sso/{registrationId}")
-		;
+			.saml2Login();
 		// @formatter:on
 	}

--- a/samples/javaconfig/saml2login/src/main/resources/logback.xml
+++ b/samples/javaconfig/saml2login/src/main/resources/logback.xml
@ -0,0 +1,12 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+	<encoder>
+		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
+	</appender>
+
+	<root level="WARN">
+		<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>
--- a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
+++ b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java
@ -44,7 +44,7 @@ public class SecurityConfigTests {
 	public void filterWhenLoginProcessingUrlIsSetInJavaConfigThenTheFilterHasIt() {
 		FilterChainProxy filterChain = context.getBean(FilterChainProxy.class);
 		Assert.assertNotNull(filterChain);
-		final List<Filter> filters = filterChain.getFilters("/sample/jc/saml2/sso/test-id");
+		final List<Filter> filters = filterChain.getFilters("/login/saml2/sso/one");
 		Assert.assertNotNull(filters);
 		Saml2WebSsoAuthenticationFilter filter = (Saml2WebSsoAuthenticationFilter) filters
 				.stream()
@ -55,6 +55,6 @@ public class SecurityConfigTests {
 				.get();
 		final Object matcher = ReflectionTestUtils.getField(filter, "requiresAuthenticationRequestMatcher");
 		final Object pattern = ReflectionTestUtils.getField(matcher, "pattern");
-		Assert.assertEquals("loginProcessingUrl mismatch", "/sample/jc/saml2/sso/{registrationId}", pattern);
+		Assert.assertEquals("loginProcessingUrl mismatch", "/login/saml2/sso/{registrationId}", pattern);
 	}
 }