From 32c7e8a6eecdb6a55da15c3d06f102b07d81ce86 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Tue, 3 Jun 2025 12:56:56 -0600
Subject: [PATCH] Use Saml2Error Static Factories
---
 .../BaseOpenSamlAuthenticationProvider.java | 15 +++++----------
 .../BaseOpenSamlAuthenticationTokenConverter.java | 4 +---
 .../web/Saml2AuthenticationTokenConverter.java | 7 +++----
 ...lLogoutRequestValidatorParametersResolver.java | 4 +---
 .../logout/Saml2LogoutRequestFilter.java | 4 +---
 .../web/OpenSamlAuthenticationTokenConverter.java | 4 +---
 ...lLogoutRequestValidatorParametersResolver.java | 4 +---
 .../OpenSaml5AuthenticationProvider.java | 4 ++--
 8 files changed, 15 insertions(+), 31 deletions(-)
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java
index 32b4fa61ec..b02f82062d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java
@@ -302,7 +302,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 throw ex;
 }
 catch (Exception ex) {
- throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
+ throw new Saml2AuthenticationException(Saml2Error.internalValidationError(ex.getMessage()), ex);
 }
 }
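Review bot: The new `Saml2Error.internalValidationError(ex.getMessage())` on the `catch (Exception ex)` path puts the raw message of whatever exception escaped OpenSAML validation into the error description, and the same pattern is repeated in the `@@ -316`, `@@ -408` and `@@ -437` hunks of this file and in the `invalidResponse(ex.getMessage())` hunks of the two token converters. That matches the pre-existing behavior, but because the description now flows unchanged into any code that renders `Saml2Error.getDescription()`, a comment at this first occurrence would help whoever reviews the failure handlers, e.g. `// description carries the underlying exception's message; keep it out of responses sent to the remote party`. `ex.getMessage()` can also be null for some runtime exceptions; whether the new factories accept a null description is not visible in this hunk and is worth confirming against Saml2Error. The enclosing method begins outside the hunk.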
@@ -316,7 +316,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 return this.saml.deserialize(response);
 }
 catch (Exception ex) {
- throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
+ throw new Saml2AuthenticationException(Saml2Error.malformedResponseData(ex.getMessage()), ex);
 }
 }
@@ -375,7 +375,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 .debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]");
 }
 Saml2Error first = errors.iterator().next();
- throw createAuthenticationException(first.getErrorCode(), first.getDescription(), null);
+ throw new Saml2AuthenticationException(first);
 }
 else {
 if (this.logger.isDebugEnabled()) {
@@ -408,7 +408,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(response);
 }
 catch (Exception ex) {
- throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+ throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);
 }
 };
 }
@@ -437,7 +437,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(assertion);
 }
 catch (Exception ex) {
- throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+ throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);
 }
 };
 }
@@ -503,11 +503,6 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 return xmlObject;
 }
- private static Saml2AuthenticationException createAuthenticationException(String code, String message,
- Exception cause) {
- return new Saml2AuthenticationException(new Saml2Error(code, message), cause);
- }
-
 private static Converter createAssertionValidator(String errorCode, Converter validatorConverter, Converter contextConverter) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
index a88847aeb6..1643959155 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
@@ -22,7 +22,6 @@ import org.opensaml.saml.saml2.core.Response;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -182,8 +181,7 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 .decode();
 }
 catch (Exception ex) {
- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
- ex);
+ throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 }
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
index 73872bbe03..9a43edce6e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -20,7 +20,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -107,12 +106,12 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 if (!this.shouldConvertGetRequests && isGet) {
 return null;
 }
+ Saml2Utils.DecodingConfigurer decoding = Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet);
 try {
- return Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet).decode();
+ return decoding.decode();
 }
 catch (Exception ex) {
- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
- ex);
+ throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 }
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
index 2e58340aef..84a53005aa 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
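Review bot: The `Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet)` call now runs before the `try`, so any exception raised while building the configurer is no longer wrapped as `Saml2AuthenticationException(Saml2Error.invalidResponse(...))` and would reach the filter as a raw exception; whether those builder methods can throw is not visible here, but the two sibling converters at `@@ -182` (BaseOpenSamlAuthenticationTokenConverter) and `@@ -197` (OpenSamlAuthenticationTokenConverter) keep the whole chain inside the `try`, so this file is now inconsistent with them. Either move the chain back inside, `try { return Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet).decode(); }`, or, if the hoist is deliberate, add a comment above the new local such as `// configurer construction does not touch the untrusted payload; only decode() can fail` so the narrower catch reads as intentional. The enclosing method starts outside the hunk.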
@@ -23,7 +23,6 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -145,8 +144,7 @@ final class BaseOpenSamlLogoutRequestValidatorParametersResolver
 RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 if (registration == null) {
 throw new Saml2AuthenticationException(
- new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
- "registration not found");
+ Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 }
 return logoutRequestByRegistration(request, registration, authentication);
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java
index fd68bbc3a9..1476f37624 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java
@@ -31,7 +31,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -268,8 +267,7 @@ public final class Saml2LogoutRequestFilter extends OncePerRequestFilter {
 registrationId);
 if (registration == null) {
 throw new Saml2AuthenticationException(
- new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
- "registration not found");
+ Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 }
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
 String entityId = uriResolver.resolve(registration.getEntityId());
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
index 16f8908fd9..c680f93bb3 100644
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
@@ -24,7 +24,6 @@ import org.opensaml.saml.saml2.core.Response;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -197,8 +196,7 @@ public final class OpenSamlAuthenticationTokenConverter implements Authenticatio
 .decode();
 }
 catch (Exception ex) {
- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
- ex);
+ throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 }
 }
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
index 27a610a896..aae95e28c7 100644
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
@@ -27,7 +27,6 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -159,8 +158,7 @@ public final class OpenSamlLogoutRequestValidatorParametersResolver
 RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 if (registration == null) {
 throw new Saml2AuthenticationException(
- new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
- "registration not found");
+ Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 }
 return logoutRequestByRegistration(request, registration, authentication);
 }
diff --git a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
index e3cde7974e..d2dbb5ba0c 100644
--- a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
@@ -935,8 +935,8 @@ public final class OpenSaml5AuthenticationProvider implements AuthenticationProv
 private static String authenticatedPrincipal(Assertion assertion) {
 if (!BaseOpenSamlAuthenticationProvider.hasName(assertion)) {
- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
- "Assertion [" + assertion.getID() + "] is missing a subject"));
+ throw new Saml2AuthenticationException(
+ Saml2Error.subjectNotFound("Assertion [" + assertion.getID() + "] is missing a subject"));
 }
 return assertion.getSubject().getNameID().getValue();
 }
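Review bot: This hunk removes the only visible use of `Saml2ErrorCodes` in OpenSaml5AuthenticationProvider.java (the former `Saml2ErrorCodes.SUBJECT_NOT_FOUND`), yet, unlike the other seven files in this patch, the file has no hunk dropping `import org.springframework.security.saml2.core.Saml2ErrorCodes;`, and the diffstat lists only these four changed lines for it. If no other reference to `Saml2ErrorCodes` remains in the file, the import is now unused and will trip the project's Checkstyle unused-import check; if one does remain elsewhere, nothing further is needed. Either way it is worth a quick grep before merging, since the diff alone cannot settle it.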