make SAML authentication request uri configurable

Closes gh-10840
2022-06-05 16:34:15 +02:00 · 2022-06-05 16:34:15 +02:00 · 33104269d6
parent 07f28de79b
commit 33104269d6
3 changed files with 41 additions and 2 deletions
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolver.java
@ -100,6 +100,10 @@ class OpenSamlAuthenticationRequestResolver {
 		this.relayStateResolver = relayStateResolver;
 	}

+	void setRequestMatcher(RequestMatcher requestMatcher) {
+		this.requestMatcher = requestMatcher;
+	}
+
 	<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) {
 		return resolve(request, (registration, logoutRequest) -> {
 		});
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolver.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolver.java
@ -27,6 +27,7 @@ import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;

 /**
@ -69,6 +70,19 @@ public final class OpenSaml4AuthenticationRequestResolver implements Saml2Authen
 		this.contextConsumer = contextConsumer;
 	}

+	/**
+	 * Set the {@link RequestMatcher} to use for setting the
+	 * {@link OpenSamlAuthenticationRequestResolver#setRequestMatcher(RequestMatcher)}
+	 * (RequestMatcher)}
+	 * @param requestMatcher the {@link RequestMatcher} to identify authentication
+	 * requests.
+	 * @since 5.8
+	 */
+	public void setRequestMatcher(RequestMatcher requestMatcher) {
+		Assert.notNull(requestMatcher, "requestMatcher cannot be null");
+		this.authnRequestResolver.setRequestMatcher(requestMatcher);
+	}
+
 	/**
 	 * Use this {@link Clock} for generating the issued {@link Instant}
 	 * @param clock the {@link Clock} to use
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
@ -28,6 +28,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
@ -43,8 +44,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {

 	@BeforeEach
 	void setup() {
-		this.request = new MockHttpServletRequest();
-		this.request.setServletPath("/saml2/authenticate/registration-id");
+		this.request = givenRequest("/saml2/authenticate/registration-id");
 		this.registration = TestRelyingPartyRegistrations.full().build();
 	}

@ -85,4 +85,25 @@ public class OpenSaml4AuthenticationRequestResolverTests {
 		verify(relayState).convert(any());
 	}

+	@Test
+	void resolveWhenCustomAuthenticationUrlTHenUses() {
+		RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
+		given(relyingParties.resolve(any(), any())).willReturn(this.registration);
+		OpenSaml4AuthenticationRequestResolver resolver = new OpenSaml4AuthenticationRequestResolver(relyingParties);
+		resolver.setRequestMatcher(new AntPathRequestMatcher("/custom/authentication/{registrationId}"));
+		Saml2RedirectAuthenticationRequest authnRequest = resolver
+				.resolve(givenRequest("/custom/authentication/registration-id"));
+
+		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
+		assertThat(authnRequest.getAuthenticationRequestUri())
+				.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
+
+	}
+
+	private MockHttpServletRequest givenRequest(String path) {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setServletPath(path);
+		return request;
+	}
+
 }