Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-06 02:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate Saml2AuthenticationRequestFilter Constructor

Browse Source 
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.

Fixes gh-8359
This commit is contained in:
Josh Cummings 2020-04-08 14:48:06 -06:00
parent 887cb99926
commit 711954e016
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
3 changed files with 50 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
View File

@ -16,6 +16,10 @@
package org.springframework.security.config.annotation.web.configurers.saml2; package org.springframework.security.config.annotation.web.configurers.saml2;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.springframework.beans.factory.NoSuchBeanDefinitionException; import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@ -37,10 +41,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import static org.springframework.util.StringUtils.hasText; import static org.springframework.util.StringUtils.hasText;
/** /**
@ -323,10 +323,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extend
private Filter build(B http) { private Filter build(B http) {
Saml2AuthenticationRequestFactory authenticationRequestResolver = getResolver(http); Saml2AuthenticationRequestFactory authenticationRequestResolver = getResolver(http);
Saml2WebSsoAuthenticationRequestFilter authenticationRequestFilter = return new Saml2WebSsoAuthenticationRequestFilter(
new Saml2WebSsoAuthenticationRequestFilter(Saml2LoginConfigurer.this.relyingPartyRegistrationRepository); Saml2LoginConfigurer.this.relyingPartyRegistrationRepository,
authenticationRequestFilter.setAuthenticationRequestFactory(authenticationRequestResolver); authenticationRequestResolver);
return authenticationRequestFilter;
} }
private Saml2AuthenticationRequestFactory getResolver(B http) { private Saml2AuthenticationRequestFactory getResolver(B http) {

22
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.java
View File

@ -24,7 +24,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext; import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory; import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
@ -71,24 +70,43 @@ import static org.springframework.util.StringUtils.hasText;
public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter { public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter {
private final RelyingPartyRegistrationRepository relyingPartyRegistrationRepository; private final RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
private Saml2AuthenticationRequestFactory authenticationRequestFactory;
private RequestMatcher redirectMatcher = new AntPathRequestMatcher("/saml2/authenticate/{registrationId}"); private RequestMatcher redirectMatcher = new AntPathRequestMatcher("/saml2/authenticate/{registrationId}");
private Saml2AuthenticationRequestFactory authenticationRequestFactory = new OpenSamlAuthenticationRequestFactory();
/** /**
* Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided parameters * Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided parameters
* *
* @param relyingPartyRegistrationRepository a repository for relying party configurations * @param relyingPartyRegistrationRepository a repository for relying party configurations
* @deprecated use the constructor that takes a {@link Saml2AuthenticationRequestFactory}
*/ */
@Deprecated
public Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) { public Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
this(relyingPartyRegistrationRepository,
new org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory());
}
/**
* Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the provided parameters
*
* @param relyingPartyRegistrationRepository a repository for relying party configurations
* @since 5.4
*/
public Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository,
Saml2AuthenticationRequestFactory authenticationRequestFactory) {
Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null"); Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null");
Assert.notNull(authenticationRequestFactory, "authenticationRequestFactory cannot be null");
this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository; this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository;
this.authenticationRequestFactory = authenticationRequestFactory;
} }
/** /**
* Use the given {@link Saml2AuthenticationRequestFactory} for formulating the SAML 2.0 AuthnRequest * Use the given {@link Saml2AuthenticationRequestFactory} for formulating the SAML 2.0 AuthnRequest
* *
* @param authenticationRequestFactory the {@link Saml2AuthenticationRequestFactory} to use * @param authenticationRequestFactory the {@link Saml2AuthenticationRequestFactory} to use
* @deprecated use the constructor instead
*/ */
@Deprecated
public void setAuthenticationRequestFactory(Saml2AuthenticationRequestFactory authenticationRequestFactory) { public void setAuthenticationRequestFactory(Saml2AuthenticationRequestFactory authenticationRequestFactory) {
Assert.notNull(authenticationRequestFactory, "authenticationRequestFactory cannot be null"); Assert.notNull(authenticationRequestFactory, "authenticationRequestFactory cannot be null");
this.authenticationRequestFactory = authenticationRequestFactory; this.authenticationRequestFactory = authenticationRequestFactory;

23
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilterTests.java
View File

@ -179,6 +179,29 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
verify(this.factory).createPostAuthenticationRequest(any()); verify(this.factory).createPostAuthenticationRequest(any());
} }
@Test
public void doFilterWhenCustomAuthenticationRequestFactoryThenUses() throws Exception {
RelyingPartyRegistration relyingParty = this.rpBuilder
.providerDetails(c -> c.binding(POST))
.build();
Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
when(authenticationRequest.getAuthenticationRequestUri()).thenReturn("uri");
when(authenticationRequest.getRelayState()).thenReturn("relay");
when(authenticationRequest.getSamlRequest()).thenReturn("saml");
when(this.repository.findByRegistrationId("registration-id")).thenReturn(relyingParty);
when(this.factory.createPostAuthenticationRequest(any()))
.thenReturn(authenticationRequest);
Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter
(this.repository, this.factory);
filter.doFilterInternal(this.request, this.response, this.filterChain);
assertThat(this.response.getContentAsString())
.contains("<form action=\"uri\" method=\"post\">")
.contains("<input type=\"hidden\" name=\"SAMLRequest\" value=\"saml\"")
.contains("<input type=\"hidden\" name=\"RelayState\" value=\"relay\"");
verify(this.factory).createPostAuthenticationRequest(any());
}
@Test @Test
public void setRequestMatcherWhenNullThenException() { public void setRequestMatcherWhenNullThenException() {
Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter