* static {
- * OpenSamlInitializationService.requireInitialize((registry) -> {
+ * OpenSamlInitializationService.requireInitialize((registry) -> {
* registry.setParserPool(...);
* registry.getBuilderFactory().registerBuilder(...);
* });
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 4fde34733c..a8126d26bd 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -85,6 +85,7 @@ public final class Saml2X509Credential {
/**
* Create a {@link Saml2X509Credential} that can be used for encryption.
* @param certificate the certificate to use for encryption
+ * @return an encrypting {@link Saml2X509Credential}
*/
public static Saml2X509Credential encryption(X509Certificate certificate) {
return new Saml2X509Credential(certificate, Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
@@ -93,6 +94,7 @@ public final class Saml2X509Credential {
/**
* Create a {@link Saml2X509Credential} that can be used for verification.
* @param certificate the certificate to use for verification
+ * @return a verifying {@link Saml2X509Credential}
*/
public static Saml2X509Credential verification(X509Certificate certificate) {
return new Saml2X509Credential(certificate, Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
@@ -102,6 +104,7 @@ public final class Saml2X509Credential {
* Create a {@link Saml2X509Credential} that can be used for decryption.
* @param privateKey the private key to use for decryption
* @param certificate the certificate to use for decryption
+ * @return an decrypting {@link Saml2X509Credential}
*/
public static Saml2X509Credential decryption(PrivateKey privateKey, X509Certificate certificate) {
return new Saml2X509Credential(privateKey, certificate, Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
@@ -111,6 +114,7 @@ public final class Saml2X509Credential {
* Create a {@link Saml2X509Credential} that can be used for signing.
* @param privateKey the private key to use for signing
* @param certificate the certificate to use for signing
+ * @return a signing {@link Saml2X509Credential}
*/
public static Saml2X509Credential signing(PrivateKey privateKey, X509Certificate certificate) {
return new Saml2X509Credential(privateKey, certificate, Saml2X509Credential.Saml2X509CredentialType.SIGNING);
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index 1cac7d9fb5..8007cbca9d 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -100,7 +100,8 @@ public final class Saml2AuthenticationRequest {
}
/**
- * A builder for {@link Saml2AuthenticationRequest}. returns a builder object
+ * A builder for {@link Saml2AuthenticationRequest}.
+ * @return a {@link Builder} for constructing a {@link Saml2AuthenticationRequest}
*/
public static Builder builder() {
return new Builder();
@@ -109,6 +110,7 @@ public final class Saml2AuthenticationRequest {
/**
* A builder for {@link Saml2AuthenticationRequest}.
* @param context a context object to copy values from. returns a builder object
+ * @return a {@link Builder} for constructing a {@link Saml2AuthenticationRequest}
*/
public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) {
return new Builder().assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl())
@@ -148,7 +150,7 @@ public final class Saml2AuthenticationRequest {
* request. For example:
* Saml2X509Credential credential = ...;
* return Saml2AuthenticationRequest.withLocalSpEntityId("id")
- * .credentials((c) -> c.add(credential))
+ * .credentials((c) -> c.add(credential))
* ...
* .build();
*
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 3af9371561..320bfe35b5 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -59,11 +59,11 @@ import org.springframework.util.Assert;
* RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
* .entityId(relyingPartyEntityId)
* .assertionConsumerServiceLocation(assertingConsumerServiceLocation)
- * .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
- * .assertingPartyDetails((details) -> details
+ * .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
+ * .assertingPartyDetails((details) -> details
* .entityId(assertingPartyEntityId));
* .singleSignOnServiceLocation(singleSignOnServiceLocation))
- * .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
+ * .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
* .build();
*
*
@@ -857,6 +857,7 @@ public final class RelyingPartyRegistration {
* This value may contain a number of placeholders. They are {@code baseUrl},
* {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
* {@code basePort}.
+ * @param entityId the relying party's EntityID
* @return the {@link Builder} for further configuration
* @since 5.4
*/
@@ -906,7 +907,7 @@ public final class RelyingPartyRegistration {
* This value may contain a number of placeholders. They are {@code baseUrl},
* {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
* {@code basePort}.
- * @param assertionConsumerServiceLocation
+ * @param assertionConsumerServiceLocation the AssertionConsumerService location
* @return the {@link Builder} for further configuration
* @since 5.4
*/
@@ -923,7 +924,7 @@ public final class RelyingPartyRegistration {
*
* Equivalent to the value found in <AssertionConsumerService
* Binding="..."/> in the relying party's <SPSSODescriptor>
- * @param assertionConsumerServiceBinding
+ * @param assertionConsumerServiceBinding the AssertionConsumerService binding
* @return the {@link Builder} for further configuration
* @since 5.4
*/
@@ -948,7 +949,7 @@ public final class RelyingPartyRegistration {
* communication between IDP and SP For example:
* Saml2X509Credential credential = ...;
* return RelyingPartyRegistration.withRegistrationId("id")
- * .credentials((c) -> c.add(credential))
+ * .credentials((c) -> c.add(credential))
* ...
* .build();
*
@@ -1018,6 +1019,7 @@ public final class RelyingPartyRegistration {
* {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
* {@code basePort}, for example
* {@code {baseUrl}/saml2/service-provider-metadata/{registrationId}}
+ * @param template the entity id
* @return a string containing the entity ID or entity ID template
* @deprecated Use {@link #entityId} instead
*/
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index 026296e9e8..453101489c 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -113,6 +113,8 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
* parameters
* @param authenticationRequestContextResolver a strategy for formulating a
* {@link Saml2AuthenticationRequestContext}
+ * @param authenticationRequestFactory strategy for formulating a
+ * <saml2:AuthnRequest>
* @since 5.4
*/
public Saml2WebSsoAuthenticationRequestFilter(
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
index 25f4fe5f73..57ec493bc8 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
@@ -95,7 +95,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
/**
* Set the {@link RequestMatcher} that determines whether this filter should handle
* the incoming {@link HttpServletRequest}
- * @param requestMatcher
+ * @param requestMatcher the {@link RequestMatcher} to identify requests for metadata
*/
public void setRequestMatcher(RequestMatcher requestMatcher) {
Assert.notNull(requestMatcher, "requestMatcher cannot be null");
@@ -106,7 +106,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
* Sets the metadata filename template containing the {@code {registrationId}}
* template variable.
*
- *
+ *
* The default value is {@code saml-{registrationId}-metadata.xml} * @param metadataFilename metadata filename, must contain a {registrationId} * @since 5.5 diff --git a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java index 2a8c3a5f26..e8531b1d39 100644 --- a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java +++ b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java @@ -103,18 +103,15 @@ import org.springframework.util.StringUtils; * {@link Saml2AuthenticationToken#getSaml2Response()} along with the information about * the asserting party, the identity provider (IDP), as well as the relying party, the * service provider (SP, this application). - *
** The {@link Saml2AuthenticationToken} will be processed into a SAML Response object. The * SAML response object can be signed. If the Response is signed, a signature will not be * required on the assertion. - *
** While a response object can contain a list of assertion, this provider will only * leverage the first valid assertion for the purpose of authentication. Assertions that * do not pass validation will be ignored. If no valid assertions are found a * {@link Saml2AuthenticationException} is thrown. - *
** This provider supports two types of encrypted SAML elements *
* This provider does not perform an X509 certificate validation on the configured * asserting party, IDP, verification certificates. - *
* * @author Ryan Cassar * @since 5.2 @@ -138,7 +133,7 @@ import org.springframework.util.StringUtils; * StatusResponse * @see OpenSAML 3 * @deprecated Because OpenSAML 3 has reached End-of-Life, please update to - * {@link OpenSaml4AuthenticationProvider} + * {@code OpenSaml4AuthenticationProvider} */ public final class OpenSamlAuthenticationProvider implements AuthenticationProvider { @@ -195,7 +190,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi * *
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
- * provider.setResponseElementsDecrypter((responseToken) -> {
+ * provider.setResponseElementsDecrypter((responseToken) -> {
* DecrypterParameters parameters = new DecrypterParameters();
* // ... set parameters as needed
* Decrypter decrypter = new Decrypter(parameters);
@@ -216,7 +211,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* Converter<EncryptedAssertion, Assertion> myService = ...
- * provider.setResponseDecrypter((responseToken) -> {
+ * provider.setResponseDecrypter((responseToken) -> {
* Response response = responseToken.getResponse();
* response.getEncryptedAssertions().stream()
* .map(service::decrypt).forEach(response.getAssertions()::add);
@@ -242,7 +237,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
*
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
- * provider.setAssertionValidator(assertionToken -> {
+ * provider.setAssertionValidator(assertionToken -> {
* Saml2ResponseValidatorResult result = createDefaultAssertionValidator()
* .convert(assertionToken)
* return result.concat(myCustomValidator.convert(assertionToken));
@@ -255,7 +250,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* provider.setAssertionValidator(
- * createDefaultAssertionValidator(assertionToken -> {
+ * createDefaultAssertionValidator(assertionToken -> {
* Map<String, Object> params = new HashMap<>();
* params.put(CLOCK_SKEW, 2 * 60 * 1000);
* // other parameters
@@ -271,7 +266,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
* step from this validator.
*
* This method takes precedence over {@link #setResponseTimeValidationSkew}.
- * @param assertionValidator
+ * @param assertionValidator the strategy for validating a given assertion
* @since 5.4
*/
public void setAssertionValidator(Converter assertionValidator) {
@@ -287,7 +282,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
*
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
- * provider.setResponseDecrypter((assertionToken) -> {
+ * provider.setResponseDecrypter((assertionToken) -> {
* DecrypterParameters parameters = new DecrypterParameters();
* // ... set parameters as needed
* Decrypter decrypter = new Decrypter(parameters);
@@ -307,7 +302,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* MyDecryptionService myService = ...
- * provider.setResponseDecrypter((responseToken) -> {
+ * provider.setResponseDecrypter((responseToken) -> {
* Assertion assertion = assertionToken.getAssertion();
* EncryptedID encrypted = assertion.getSubject().getEncryptedID();
* NameID name = myService.decrypt(encrypted);
@@ -333,7 +328,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* Converter<ResponseToken, Saml2Authentication> authenticationConverter =
* createDefaultResponseAuthenticationConverter();
- * provider.setResponseAuthenticationConverter(responseToken -> {
+ * provider.setResponseAuthenticationConverter(responseToken -> {
* Saml2Authentication authentication = authenticationConverter.convert(responseToken);
* User user = myUserRepository.findByUsername(authentication.getName());
* return new MyAuthentication(authentication, user);
diff --git a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
index 30f4eeea02..849a95a4c9 100644
--- a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
+++ b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java
@@ -47,7 +47,7 @@ import org.springframework.util.StringUtils;
* @author Josh Cummings
* @since 5.2
* @deprecated Because OpenSAML 3 has reached End-of-Life, please update to
- * {@link OpenSaml4AuthenticationRequestFactory}
+ * {@code OpenSaml4AuthenticationRequestFactory}
*/
public class OpenSamlAuthenticationRequestFactory implements Saml2AuthenticationRequestFactory {
@@ -162,7 +162,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
/**
* Set the {@link AuthnRequest} post-processor resolver
- * @param authenticationRequestContextConverter
+ * @param authenticationRequestContextConverter a strategy for creating an
+ * {@link AuthnRequest}
* @since 5.4
*/
public void setAuthenticationRequestContextConverter(
@@ -173,7 +174,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication
/**
* ' Use this {@link Clock} with {@link Instant#now()} for generating timestamps
- * @param clock
+ * @param clock the {@link Clock} to use
*/
public void setClock(Clock clock) {
Assert.notNull(clock, "clock cannot be null");
diff --git a/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java b/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
index a4a48c6dd6..f66dbe8dc0 100644
--- a/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@@ -98,18 +98,15 @@ import org.springframework.util.StringUtils;
* {@link Saml2AuthenticationToken#getSaml2Response()} along with the information about
* the asserting party, the identity provider (IDP), as well as the relying party, the
* service provider (SP, this application).
- *
*
* The {@link Saml2AuthenticationToken} will be processed into a SAML Response object. The
* SAML response object can be signed. If the Response is signed, a signature will not be
* required on the assertion.
- *
*
* While a response object can contain a list of assertion, this provider will only
* leverage the first valid assertion for the purpose of authentication. Assertions that
* do not pass validation will be ignored. If no valid assertions are found a
* {@link Saml2AuthenticationException} is thrown.
- *
*
* This provider supports two types of encrypted SAML elements
*
@@ -120,11 +117,9 @@ import org.springframework.util.StringUtils;
*
* If the assertion is encrypted, then signature validation on the assertion is no longer
* required.
- *
*
* This provider does not perform an X509 certificate validation on the configured
* asserting party, IDP, verification certificates.
- *
*
* @author Josh Cummings
* @since 5.5
@@ -179,7 +174,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
- * provider.setResponseElementsDecrypter((responseToken) -> {
+ * provider.setResponseElementsDecrypter((responseToken) -> {
* DecrypterParameters parameters = new DecrypterParameters();
* // ... set parameters as needed
* Decrypter decrypter = new Decrypter(parameters);
@@ -200,7 +195,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* Converter<EncryptedAssertion, Assertion> myService = ...
- * provider.setResponseDecrypter((responseToken) -> {
+ * provider.setResponseDecrypter((responseToken) -> {
* Response response = responseToken.getResponse();
* response.getEncryptedAssertions().stream()
* .map(service::decrypt).forEach(response.getAssertions()::add);
@@ -226,7 +221,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
- * provider.setAssertionValidator(assertionToken -> {
+ * provider.setAssertionValidator(assertionToken -> {
* Saml2ResponseValidatorResult result = createDefaultAssertionValidator()
* .convert(assertionToken)
* return result.concat(myCustomValidator.convert(assertionToken));
@@ -239,7 +234,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* provider.setAssertionValidator(
- * createDefaultAssertionValidator(assertionToken -> {
+ * createDefaultAssertionValidator(assertionToken -> {
* Map<String, Object> params = new HashMap<>();
* params.put(CLOCK_SKEW, 2 * 60 * 1000);
* // other parameters
@@ -269,7 +264,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
- * provider.setResponseDecrypter((assertionToken) -> {
+ * provider.setResponseDecrypter((assertionToken) -> {
* DecrypterParameters parameters = new DecrypterParameters();
* // ... set parameters as needed
* Decrypter decrypter = new Decrypter(parameters);
@@ -289,7 +284,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* MyDecryptionService myService = ...
- * provider.setResponseDecrypter((responseToken) -> {
+ * provider.setResponseDecrypter((responseToken) -> {
* Assertion assertion = assertionToken.getAssertion();
* EncryptedID encrypted = assertion.getSubject().getEncryptedID();
* NameID name = myService.decrypt(encrypted);
@@ -315,7 +310,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
* OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
* Converter<ResponseToken, Saml2Authentication> authenticationConverter =
* createDefaultResponseAuthenticationConverter();
- * provider.setResponseAuthenticationConverter(responseToken -> {
+ * provider.setResponseAuthenticationConverter(responseToken -> {
* Saml2Authentication authentication = authenticationConverter.convert(responseToken);
* User user = myUserRepository.findByUsername(authentication.getName());
* return new MyAuthentication(authentication, user);