diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
index a923760be1..0b2645fe98 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/OpenSamlInitializationService.java
@@ -52,7 +52,7 @@ import org.springframework.security.saml2.Saml2Exception;
*
*
* static {
- * OpenSamlInitializationService.requireInitialize((registry) -> {
+ * OpenSamlInitializationService.requireInitialize((registry) -> {
* registry.setParserPool(...);
* registry.getBuilderFactory().registerBuilder(...);
* });
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index 4fde34733c..a8126d26bd 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -85,6 +85,7 @@ public final class Saml2X509Credential {
/**
* Create a {@link Saml2X509Credential} that can be used for encryption.
* @param certificate the certificate to use for encryption
+ * @return an encrypting {@link Saml2X509Credential}
*/
public static Saml2X509Credential encryption(X509Certificate certificate) {
return new Saml2X509Credential(certificate, Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
@@ -93,6 +94,7 @@ public final class Saml2X509Credential {
/**
* Create a {@link Saml2X509Credential} that can be used for verification.
* @param certificate the certificate to use for verification
+ * @return a verifying {@link Saml2X509Credential}
*/
public static Saml2X509Credential verification(X509Certificate certificate) {
return new Saml2X509Credential(certificate, Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
@@ -102,6 +104,7 @@ public final class Saml2X509Credential {
* Create a {@link Saml2X509Credential} that can be used for decryption.
* @param privateKey the private key to use for decryption
* @param certificate the certificate to use for decryption
+ * @return an decrypting {@link Saml2X509Credential}
*/
public static Saml2X509Credential decryption(PrivateKey privateKey, X509Certificate certificate) {
return new Saml2X509Credential(privateKey, certificate, Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
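Review bot: The tag added to `decryption(...)` reads `@return an decrypting {@link Saml2X509Credential}`, where the article should be `a`. Suggested line: `@return a decrypting {@link Saml2X509Credential}`, matching the `a verifying` and `a signing` tags added in the neighbouring hunks. The method body continues outside the hunk.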
@@ -111,6 +114,7 @@ public final class Saml2X509Credential {
* Create a {@link Saml2X509Credential} that can be used for signing.
* @param privateKey the private key to use for signing
* @param certificate the certificate to use for signing
+ * @return a signing {@link Saml2X509Credential}
*/
public static Saml2X509Credential signing(PrivateKey privateKey, X509Certificate certificate) {
return new Saml2X509Credential(privateKey, certificate, Saml2X509Credential.Saml2X509CredentialType.SIGNING);
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
index 1cac7d9fb5..8007cbca9d 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java
@@ -100,7 +100,8 @@ public final class Saml2AuthenticationRequest {
}
/**
- * A builder for {@link Saml2AuthenticationRequest}. returns a builder object
+ * A builder for {@link Saml2AuthenticationRequest}.
+ * @return a {@link Builder} for constructing a {@link Saml2AuthenticationRequest}
*/
public static Builder builder() {
return new Builder();
@@ -109,6 +110,7 @@ public final class Saml2AuthenticationRequest {
/**
* A builder for {@link Saml2AuthenticationRequest}.
* @param context a context object to copy values from. returns a builder object
+ * @return a {@link Builder} for constructing a {@link Saml2AuthenticationRequest}
*/
public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) {
return new Builder().assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl())
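Review bot: The `@param context` line still ends with the stray fragment `returns a builder object`. The commit removed that fragment from `builder()` in the previous hunk but left it here, so the return value is now described twice. With the new `@return` in place the tag can read `@param context a context object to copy values from`. The method body runs past the end of the hunk.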
@@ -148,7 +150,7 @@ public final class Saml2AuthenticationRequest {
* request. For example:
* Saml2X509Credential credential = ...;
* return Saml2AuthenticationRequest.withLocalSpEntityId("id")
- * .credentials((c) -> c.add(credential))
+ * .credentials((c) -> c.add(credential))
* ...
* .build();
*
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 3af9371561..320bfe35b5 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -59,11 +59,11 @@ import org.springframework.util.Assert;
* RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
* .entityId(relyingPartyEntityId)
* .assertionConsumerServiceLocation(assertingConsumerServiceLocation)
- * .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
- * .assertingPartyDetails((details) -> details
+ * .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
+ * .assertingPartyDetails((details) -> details
* .entityId(assertingPartyEntityId));
* .singleSignOnServiceLocation(singleSignOnServiceLocation))
- * .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
+ * .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
* .build();
*
*
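Review bot: The class-level example in this hunk is not valid Java as written. The context line `.entityId(assertingPartyEntityId));` closes the lambda and ends the statement, yet the chain continues on the next line with `.singleSignOnServiceLocation(singleSignOnServiceLocation))`. Since the hunk already edits this snippet, that line could become `.entityId(assertingPartyEntityId)` so that a copied registration example compiles. The rest of the class Javadoc lies outside the hunk.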
@@ -857,6 +857,7 @@ public final class RelyingPartyRegistration {
* This value may contain a number of placeholders. They are {@code baseUrl},
* {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
* {@code basePort}.
+ * @param entityId the relying party's EntityID
* @return the {@link Builder} for further configuration
* @since 5.4
*/
@@ -906,7 +907,7 @@ public final class RelyingPartyRegistration {
* This value may contain a number of placeholders. They are {@code baseUrl},
* {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
* {@code basePort}.
- * @param assertionConsumerServiceLocation
+ * @param assertionConsumerServiceLocation the AssertionConsumerService location
* @return the {@link Builder} for further configuration
* @since 5.4
*/
@@ -923,7 +924,7 @@ public final class RelyingPartyRegistration {
*
* Equivalent to the value found in <AssertionConsumerService
* Binding="..."/> in the relying party's <SPSSODescriptor>
- * @param assertionConsumerServiceBinding
+ * @param assertionConsumerServiceBinding the AssertionConsumerService binding
* @return the {@link Builder} for further configuration
* @since 5.4
*/
@@ -948,7 +949,7 @@ public final class RelyingPartyRegistration {
* communication between IDP and SP For example:
* Saml2X509Credential credential = ...;
* return RelyingPartyRegistration.withRegistrationId("id")
- * .credentials((c) -> c.add(credential))
+ * .credentials((c) -> c.add(credential))
* ...
* .build();
*
@@ -1018,6 +1019,7 @@ public final class RelyingPartyRegistration {
* {@code registrationId}, {@code baseScheme}, {@code baseHost}, and
* {@code basePort}, for example
* {@code {baseUrl}/saml2/service-provider-metadata/{registrationId}}
+ * @param template the entity id
* @return a string containing the entity ID or entity ID template
* @deprecated Use {@link #entityId} instead
*/
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
index 026296e9e8..453101489c 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
@@ -113,6 +113,8 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
* parameters
* @param authenticationRequestContextResolver a strategy for formulating a
* {@link Saml2AuthenticationRequestContext}
+ * @param authenticationRequestFactory strategy for formulating a
+ * <saml2:AuthnRequest>
* @since 5.4
*/
public Saml2WebSsoAuthenticationRequestFilter(
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
index 25f4fe5f73..57ec493bc8 100644
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
@@ -95,7 +95,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
/**
* Set the {@link RequestMatcher} that determines whether this filter should handle
* the incoming {@link HttpServletRequest}
- * @param requestMatcher
+ * @param requestMatcher the {@link RequestMatcher} to identify requests for metadata
*/
public void setRequestMatcher(RequestMatcher requestMatcher) {
Assert.notNull(requestMatcher, "requestMatcher cannot be null");
@@ -106,7 +106,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
* Sets the metadata filename template containing the {@code {registrationId}}
* template variable.
*
- *
+ *
* The default value is {@code saml-{registrationId}-metadata.xml}
* @param metadataFilename metadata filename, must contain a {registrationId}
* @since 5.5
diff --git a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
index 2a8c3a5f26..e8531b1d39 100644
--- a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -103,18 +103,15 @@ import org.springframework.util.StringUtils;
* {@link Saml2AuthenticationToken#getSaml2Response()} along with the information about
* the asserting party, the identity provider (IDP), as well as the relying party, the
* service provider (SP, this application).
- *
** The {@link Saml2AuthenticationToken} will be processed into a SAML Response object. The * SAML response object can be signed. If the Response is signed, a signature will not be * required on the assertion. - *
** While a response object can contain a list of assertion, this provider will only * leverage the first valid assertion for the purpose of authentication. Assertions that * do not pass validation will be ignored. If no valid assertions are found a * {@link Saml2AuthenticationException} is thrown. - *
** This provider supports two types of encrypted SAML elements *
* This provider does not perform an X509 certificate validation on the configured * asserting party, IDP, verification certificates. - *
* * @author Ryan Cassar * @since 5.2 @@ -138,7 +133,7 @@ import org.springframework.util.StringUtils; * StatusResponse * @see OpenSAML 3 * @deprecated Because OpenSAML 3 has reached End-of-Life, please update to - * {@link OpenSaml4AuthenticationProvider} + * {@code OpenSaml4AuthenticationProvider} */ public final class OpenSamlAuthenticationProvider implements AuthenticationProvider { @@ -195,7 +190,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi * ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); - * provider.setResponseElementsDecrypter((responseToken) -> { + * provider.setResponseElementsDecrypter((responseToken) -> { * DecrypterParameters parameters = new DecrypterParameters(); * // ... set parameters as needed * Decrypter decrypter = new Decrypter(parameters); @@ -216,7 +211,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * Converter<EncryptedAssertion, Assertion> myService = ... - * provider.setResponseDecrypter((responseToken) -> { + * provider.setResponseDecrypter((responseToken) -> { * Response response = responseToken.getResponse(); * response.getEncryptedAssertions().stream() * .map(service::decrypt).forEach(response.getAssertions()::add); @@ -242,7 +237,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi * ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); - * provider.setAssertionValidator(assertionToken -> { + * provider.setAssertionValidator(assertionToken -> { * Saml2ResponseValidatorResult result = createDefaultAssertionValidator() * .convert(assertionToken) * return result.concat(myCustomValidator.convert(assertionToken)); 
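Review bot: The class Javadoc paragraph re-wrapped by the `@@ -103,18 +103,15 @@` hunk does not tell a deployer which checks are skipped. It says only that the provider "does not perform an X509 certificate validation" on the asserting party's verification certificates. If the intent is that the configured certificates are treated purely as trusted key material, a sentence such as `Validity period, chain and revocation status are not checked; remove or rotate a verification certificate in the relying party registration when it expires or is compromised.` would make the operational duty explicit. The same paragraph appears in the `@@ -120,11 +117,9 @@` hunk of OpenSaml4AuthenticationProvider. The class Javadoc starts before this hunk.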
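Review bot: In the `@@ -216,7 +211,7 @@` example the converter is declared as `myService`, but the stream calls `.map(service::decrypt)`, so `service` is undefined in the snippet. Assuming `Converter` here is Spring's interface, its method is `convert`, and the line would read `.map(myService::convert).forEach(response.getAssertions()::add);`. The same mismatch is in the `@@ -200,7 +195,7 @@` hunk of OpenSaml4AuthenticationProvider. The example continues outside the hunk.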
@@ -255,7 +250,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * provider.setAssertionValidator( - * createDefaultAssertionValidator(assertionToken -> { + * createDefaultAssertionValidator(assertionToken -> { * Map<String, Object> params = new HashMap<>(); * params.put(CLOCK_SKEW, 2 * 60 * 1000); * // other parameters @@ -271,7 +266,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi * step from this validator. * * This method takes precedence over {@link #setResponseTimeValidationSkew}. - * @param assertionValidator + * @param assertionValidator the strategy for validating a given assertion * @since 5.4 */ public void setAssertionValidator(ConverterassertionValidator) { @@ -287,7 +282,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi * * * OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); - * provider.setResponseDecrypter((assertionToken) -> { + * provider.setResponseDecrypter((assertionToken) -> { * DecrypterParameters parameters = new DecrypterParameters(); * // ... set parameters as needed * Decrypter decrypter = new Decrypter(parameters); @@ -307,7 +302,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * MyDecryptionService myService = ... - * provider.setResponseDecrypter((responseToken) -> { + * provider.setResponseDecrypter((responseToken) -> { * Assertion assertion = assertionToken.getAssertion(); * EncryptedID encrypted = assertion.getSubject().getEncryptedID(); * NameID name = myService.decrypt(encrypted); 
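Review bot: The `@@ -307,7 +302,7 @@` example names its lambda parameter `responseToken`, but the first body line reads `assertionToken.getAssertion()`, so that identifier is undefined in the snippet. Naming the parameter `assertionToken`, as the `@@ -287,7 +282,7 @@` example does, fixes it: `provider.setResponseDecrypter((assertionToken) -> {`. Whether `setResponseDecrypter` is the right setter for an assertion-level decrypter cannot be judged from the hunk. The same mismatch is in the `@@ -289,7 +284,7 @@` hunk of OpenSaml4AuthenticationProvider.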
@@ -333,7 +328,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi * OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * Converter<ResponseToken, Saml2Authentication> authenticationConverter = * createDefaultResponseAuthenticationConverter(); - * provider.setResponseAuthenticationConverter(responseToken -> { + * provider.setResponseAuthenticationConverter(responseToken -> { * Saml2Authentication authentication = authenticationConverter.convert(responseToken); * User user = myUserRepository.findByUsername(authentication.getName()); * return new MyAuthentication(authentication, user); diff --git a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java index 30f4eeea02..849a95a4c9 100644 --- a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java +++ b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java @@ -47,7 +47,7 @@ import org.springframework.util.StringUtils; * @author Josh Cummings * @since 5.2 * @deprecated Because OpenSAML 3 has reached End-of-Life, please update to - * {@link OpenSaml4AuthenticationRequestFactory} + * {@code OpenSaml4AuthenticationRequestFactory} */ public class OpenSamlAuthenticationRequestFactory implements Saml2AuthenticationRequestFactory { 
@@ -162,7 +162,8 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication /** * Set the {@link AuthnRequest} post-processor resolver - * @param authenticationRequestContextConverter + * @param authenticationRequestContextConverter a strategy for creating an + * {@link AuthnRequest} * @since 5.4 */ public void setAuthenticationRequestContextConverter( @@ -173,7 +174,7 @@ public class OpenSamlAuthenticationRequestFactory implements Saml2Authentication /** * ' Use this {@link Clock} with {@link Instant#now()} for generating timestamps - * @param clock + * @param clock the {@link Clock} to use */ public void setClock(Clock clock) { Assert.notNull(clock, "clock cannot be null"); diff --git a/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java b/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java index a4a48c6dd6..f66dbe8dc0 100644 --- a/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java +++ b/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java @@ -98,18 +98,15 @@ import org.springframework.util.StringUtils; * {@link Saml2AuthenticationToken#getSaml2Response()} along with the information about * the asserting party, the identity provider (IDP), as well as the relying party, the * service provider (SP, this application). - * ** The {@link Saml2AuthenticationToken} will be processed into a SAML Response object. The * SAML response object can be signed. If the Response is signed, a signature will not be * required on the assertion. - *
** While a response object can contain a list of assertion, this provider will only * leverage the first valid assertion for the purpose of authentication. Assertions that * do not pass validation will be ignored. If no valid assertions are found a * {@link Saml2AuthenticationException} is thrown. - *
** This provider supports two types of encrypted SAML elements *
@@ -120,11 +117,9 @@ import org.springframework.util.StringUtils; *
* If the assertion is encrypted, then signature validation on the assertion is no longer * required. - * ** This provider does not perform an X509 certificate validation on the configured * asserting party, IDP, verification certificates. - *
* * @author Josh Cummings * @since 5.5 @@ -179,7 +174,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv * ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); - * provider.setResponseElementsDecrypter((responseToken) -> { + * provider.setResponseElementsDecrypter((responseToken) -> { * DecrypterParameters parameters = new DecrypterParameters(); * // ... set parameters as needed * Decrypter decrypter = new Decrypter(parameters); @@ -200,7 +195,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * Converter<EncryptedAssertion, Assertion> myService = ... - * provider.setResponseDecrypter((responseToken) -> { + * provider.setResponseDecrypter((responseToken) -> { * Response response = responseToken.getResponse(); * response.getEncryptedAssertions().stream() * .map(service::decrypt).forEach(response.getAssertions()::add); @@ -226,7 +221,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv * ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); - * provider.setAssertionValidator(assertionToken -> { + * provider.setAssertionValidator(assertionToken -> { * Saml2ResponseValidatorResult result = createDefaultAssertionValidator() * .convert(assertionToken) * return result.concat(myCustomValidator.convert(assertionToken)); @@ -239,7 +234,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * provider.setAssertionValidator( - * createDefaultAssertionValidator(assertionToken -> { + * createDefaultAssertionValidator(assertionToken -> { * Map<String, Object> params = new HashMap<>(); * params.put(CLOCK_SKEW, 2 * 60 * 1000); * // other parameters 
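Review bot: Every example in the OpenSaml4AuthenticationProvider Javadoc, starting with the `@@ -179,7 +174,7 @@` hunk, constructs `new OpenSamlAuthenticationProvider()`. That is the class whose `@deprecated` tag elsewhere in this diff says OpenSAML 3 has reached End-of-Life, so a reader copying the snippet would wire up the EOL implementation. The first line should read `OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();` in this hunk and in the `@@ -200,7`, `@@ -226,7`, `@@ -239,7`, `@@ -269,7`, `@@ -289,7` and `@@ -315,7` hunks of the same file. The Javadoc blocks extend beyond each hunk.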
@@ -269,7 +264,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv * ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); - * provider.setResponseDecrypter((assertionToken) -> { + * provider.setResponseDecrypter((assertionToken) -> { * DecrypterParameters parameters = new DecrypterParameters(); * // ... set parameters as needed * Decrypter decrypter = new Decrypter(parameters); @@ -289,7 +284,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv ** OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * MyDecryptionService myService = ... - * provider.setResponseDecrypter((responseToken) -> { + * provider.setResponseDecrypter((responseToken) -> { * Assertion assertion = assertionToken.getAssertion(); * EncryptedID encrypted = assertion.getSubject().getEncryptedID(); * NameID name = myService.decrypt(encrypted); @@ -315,7 +310,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv * OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider(); * Converter<ResponseToken, Saml2Authentication> authenticationConverter = * createDefaultResponseAuthenticationConverter(); - * provider.setResponseAuthenticationConverter(responseToken -> { + * provider.setResponseAuthenticationConverter(responseToken -> { * Saml2Authentication authentication = authenticationConverter.convert(responseToken); * User user = myUserRepository.findByUsername(authentication.getName()); * return new MyAuthentication(authentication, user);