From 61c80bcac5b491ff44a4f205abfaba764e2f34ce Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Tue, 20 Sep 2022 17:18:05 -0600
Subject: [PATCH] Move Saml2 Authentication Filters
Closes gh-8819
---
 .../web/builders/FilterOrderRegistration.java | 4 ++--
 .../web/configurers/saml2/Saml2LoginConfigurer.java | 4 ++--
 .../config/http/Saml2LoginBeanDefinitionParser.java | 4 ++--
 .../security/config/annotation/web/Saml2DslTests.kt | 2 +-
 docs/modules/ROOT/pages/whats-new.adoc | 2 ++
 .../authentication/Saml2AuthenticationToken.java | 11 +++++------
 .../Saml2WebSsoAuthenticationRequestFilter.java | 4 +---
 .../Saml2WebSsoAuthenticationFilter.java | 2 +-
 .../registration/RelyingPartyRegistrationTests.java | 2 +-
 .../registration/TestRelyingPartyRegistrations.java | 2 +-
 .../Saml2WebSsoAuthenticationRequestFilterTests.java | 3 +--
 .../Saml2WebSsoAuthenticationFilterTests.java | 2 +-
 12 files changed, 20 insertions(+), 22 deletions(-)
 rename saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/{servlet/filter => web}/Saml2WebSsoAuthenticationRequestFilter.java (96%)
 rename saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/{servlet/filter => web/authentication}/Saml2WebSsoAuthenticationFilter.java (98%)
 rename saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/{servlet/filter => web}/Saml2WebSsoAuthenticationRequestFilterTests.java (98%)
 rename saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/{servlet/filter => web/authentication}/Saml2WebSsoAuthenticationFilterTests.java (99%)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
index e2bc4aec55..c1442fa33f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterOrderRegistration.java
@@ -85,7 +85,7 @@ final class FilterOrderRegistration {
 "org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",
 order.next());
 this.filterToOrder.put(
- "org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter",
+ "org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter",
 order.next());
 put(X509AuthenticationFilter.class, order.next());
 put(AbstractPreAuthenticatedProcessingFilter.class, order.next());
@@ -93,7 +93,7 @@ final class FilterOrderRegistration {
 this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",
 order.next());
 this.filterToOrder.put(
- "org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter",
+ "org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter",
 order.next());
 put(UsernamePasswordAuthenticationFilter.class, order.next());
 order.next(); // gh-8105
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index 642638ad9c..4b374cacce 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
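Review bot: The two keys changed in `FilterOrderRegistration` (the `this.filterToOrder.put(...)` calls in hunks `@@ -85,7` and `@@ -93,7`) are plain string literals, so the compiler does not tie them to the moved classes, and the two filters now live in different packages (`...service.web` and `...service.web.authentication`). A mismatch between a literal and the real class name would leave that SAML 2.0 filter without a registered order and would presumably only surface at runtime when the filter chain is built. No test in this patch pins the new names; a config-module test along the lines of `assertThat(new FilterOrderRegistration().getOrder(Saml2WebSsoAuthenticationFilter.class)).isNotNull();` (and the same for `Saml2WebSsoAuthenticationRequestFilter`) would catch it. The constructor these calls sit in starts and ends outside both hunks.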
@@ -33,15 +33,15 @@ import org.springframework.security.saml2.provider.service.authentication.Abstra
 import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
+import org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter;
 import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java
index 147166c471..b118dcdcce 100644
--- a/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java
@@ -39,8 +39,8 @@ import org.springframework.core.ResolvableType;
 import org.springframework.security.config.Elements;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter;
+import org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
index 05537755ec..cf7d716e43 100644
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
@@ -40,7 +40,7 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
diff --git a/docs/modules/ROOT/pages/whats-new.adoc b/docs/modules/ROOT/pages/whats-new.adoc
index ceff3efb9f..6427aa891c 100644
--- a/docs/modules/ROOT/pages/whats-new.adoc
+++ b/docs/modules/ROOT/pages/whats-new.adoc
@@ -11,3 +11,5 @@ Use the OpenSaml 4 Support instead.
 * https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
 Instead use data storage to encrypt values.
 * https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default
+* https://github.com/spring-projects/spring-security/issues/8819 - Move filters to web package
+Reorganize imports
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
index 32832671c4..5f3ca73096 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java
@@ -20,6 +20,7 @@ import java.util.Collections;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.util.Assert;
 /**
@@ -42,9 +43,8 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 * Creates a {@link Saml2AuthenticationToken} with the provided parameters.
 *
 * Note that the given {@link RelyingPartyRegistration} should have all its templates
- * resolved at this point. See
- * {@link org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter}
- * for an example of performing that resolution.
+ * resolved at this point. See {@link Saml2WebSsoAuthenticationFilter} for an example
+ * of performing that resolution.
 * @param relyingPartyRegistration the resolved {@link RelyingPartyRegistration} to
 * use
 * @param saml2Response the SAML 2.0 response to authenticate
@@ -66,9 +66,8 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken {
 * Creates a {@link Saml2AuthenticationToken} with the provided parameters
 *
 * Note that the given {@link RelyingPartyRegistration} should have all its templates
- * resolved at this point. See
- * {@link org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter}
- * for an example of performing that resolution.
+ * resolved at this point. See {@link Saml2WebSsoAuthenticationFilter} for an example
+ * of performing that resolution.
 * @param relyingPartyRegistration the resolved {@link RelyingPartyRegistration} to
 * use
 * @param saml2Response the SAML 2.0 response to authenticate
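Review bot: The `import ...service.web.authentication.Saml2WebSsoAuthenticationFilter;` added in the `@@ -20,6` hunk is used only by the two Javadoc `{@link}` tags rewritten in the `@@ -42,9` and `@@ -66,9` hunks, so the core `authentication` package now carries a source-level reference to a servlet filter in the web layer. The web side already imports from `...service.authentication` (visible in the request filter's import list elsewhere in this patch), so this import points back the other way; the previous fully qualified link avoided that. Consider dropping the import and keeping the qualified form with the new package, `{@link org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter}`, in both constructors' Javadoc. The class body continues outside these hunks.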
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java
similarity index 96%
rename from saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
rename to saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java
index 70c59d44e4..6bd4d7debf 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package org.springframework.security.saml2.provider.service.servlet.filter;
+package org.springframework.security.saml2.provider.service.web;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -30,8 +30,6 @@ import org.springframework.security.saml2.provider.service.authentication.Abstra
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
-import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
-import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
similarity index 98%
rename from saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
rename to saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
index 801444b978..4affc10049 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package org.springframework.security.saml2.provider.service.servlet.filter;
+package org.springframework.security.saml2.provider.service.web.authentication;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
index 87b6ecceae..dc202b4574 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.core.TestSaml2X509Credentials;
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
index e8637ed8f9..e5f658f52f 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -18,7 +18,7 @@ package org.springframework.security.saml2.provider.service.registration;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
-import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
+import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 /**
 * Preconfigured test data for {@link RelyingPartyRegistration} objects
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
similarity index 98%
rename from saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
rename to saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
index 4462d9965e..3544a65b7b 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package org.springframework.security.saml2.provider.service.servlet.filter;
+package org.springframework.security.saml2.provider.service.web;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -37,7 +37,6 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
-import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;
 import org.springframework.web.util.HtmlUtils;
 import org.springframework.web.util.UriUtils;
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java
similarity index 99%
rename from saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
rename to saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java
index b12069ec1b..5787a74267 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package org.springframework.security.saml2.provider.service.servlet.filter;
+package org.springframework.security.saml2.provider.service.web.authentication;
 import jakarta.servlet.http.HttpServletResponse;
 import org.junit.jupiter.api.Assertions;