Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make SAML authentication request uri configurable 

Closes gh-10840
This commit is contained in:
Houssem BELHADJ AHMED 2022-06-05 16:34:15 +02:00 committed by Josh Cummings
parent 07f28de79b
commit 33104269d6
3 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolver.java
View File

@ -100,6 +100,10 @@ class OpenSamlAuthenticationRequestResolver {
this.relayStateResolver = relayStateResolver; this.relayStateResolver = relayStateResolver;
} }
void setRequestMatcher(RequestMatcher requestMatcher) {
this.requestMatcher = requestMatcher;
}
<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) { <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) {
return resolve(request, (registration, logoutRequest) -> { return resolve(request, (registration, logoutRequest) -> {
}); });

14
saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolver.java
View File

@ -27,6 +27,7 @@ import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**
@ -69,6 +70,19 @@ public final class OpenSaml4AuthenticationRequestResolver implements Saml2Authen
this.contextConsumer = contextConsumer; this.contextConsumer = contextConsumer;
} }
/**
* Set the {@link RequestMatcher} to use for setting the
* {@link OpenSamlAuthenticationRequestResolver#setRequestMatcher(RequestMatcher)}
* (RequestMatcher)}
* @param requestMatcher the {@link RequestMatcher} to identify authentication
* requests.
* @since 5.8
*/
public void setRequestMatcher(RequestMatcher requestMatcher) {
Assert.notNull(requestMatcher, "requestMatcher cannot be null");
this.authnRequestResolver.setRequestMatcher(requestMatcher);
}
/** /**
* Use this {@link Clock} for generating the issued {@link Instant} * Use this {@link Clock} for generating the issued {@link Instant}
* @param clock the {@link Clock} to use * @param clock the {@link Clock} to use

25
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
View File

@ -28,6 +28,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding; import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations; import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
@ -43,8 +44,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {
@BeforeEach @BeforeEach
void setup() { void setup() {
this.request = new MockHttpServletRequest(); this.request = givenRequest("/saml2/authenticate/registration-id");
this.request.setServletPath("/saml2/authenticate/registration-id");
this.registration = TestRelyingPartyRegistrations.full().build(); this.registration = TestRelyingPartyRegistrations.full().build();
} }
@ -85,4 +85,25 @@ public class OpenSaml4AuthenticationRequestResolverTests {
verify(relayState).convert(any()); verify(relayState).convert(any());
} }
@Test
void resolveWhenCustomAuthenticationUrlTHenUses() {
RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
given(relyingParties.resolve(any(), any())).willReturn(this.registration);
OpenSaml4AuthenticationRequestResolver resolver = new OpenSaml4AuthenticationRequestResolver(relyingParties);
resolver.setRequestMatcher(new AntPathRequestMatcher("/custom/authentication/{registrationId}"));
Saml2RedirectAuthenticationRequest authnRequest = resolver
.resolve(givenRequest("/custom/authentication/registration-id"));
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
}
private MockHttpServletRequest givenRequest(String path) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath(path);
return request;
}
} }