From 7aeda7c8d8e24cf9c947f54bb596f25078601ad4 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Fri, 22 Jan 2021 11:18:12 -0700 Subject: [PATCH] Fix SAML 2.0 Javaconfig Sample Issue gh-9362 --- ...rity-samples-javaconfig-saml2-login.gradle | 1 + ...sageSecurityWebApplicationInitializer.java | 4 ++++ .../samples/config/SecurityConfig.java | 19 ++++++++----------- .../saml2login/src/main/resources/logback.xml | 12 ++++++++++++ 4 files changed, 25 insertions(+), 11 deletions(-) create mode 100644 samples/javaconfig/saml2login/src/main/resources/logback.xml diff --git a/samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle b/samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle index baa1385e4c..3ca4ac602d 100644 --- a/samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle +++ b/samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle @@ -5,6 +5,7 @@ dependencies { compile project(':spring-security-config') compile "org.bouncycastle:bcprov-jdk15on" compile "org.bouncycastle:bcpkix-jdk15on" + compile slf4jDependencies testCompile project(':spring-security-test') } diff --git a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java index 7de3308deb..2ad78bd231 100644 --- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java +++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java 
@@ -27,6 +27,10 @@ import org.springframework.security.web.session.HttpSessionEventPublisher; public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { + public MessageSecurityWebApplicationInitializer() { + super(SecurityConfig.class); + } + @Override protected boolean enableHttpSessionEventPublisher() { return true; diff --git a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 6acdca5bd6..7d34707887 100644 --- a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -15,6 +15,8 @@ */ package org.springframework.security.samples.config; + +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -23,6 +25,7 @@ import org.springframework.security.converter.RsaKeyConverters; import org.springframework.security.saml2.credentials.Saml2X509Credential; import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; +import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter; import java.io.ByteArrayInputStream; 
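Review bot: The new constructor in MessageSecurityWebApplicationInitializer carries no comment explaining why `super(SecurityConfig.class)` is required, although the sample's whole security setup depends on that line. Passing the configuration class is what asks the initializer to load SecurityConfig into a root application context. I would add `// Load SecurityConfig in the root context; nothing else in this sample registers it.` above the `super(...)` call. The second half of that comment is inferred from the nature of the fix, so confirm the module has no other context initializer before adopting it.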
@@ -39,7 +42,8 @@ import static org.springframework.security.saml2.credentials.Saml2X509Credential @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { - RelyingPartyRegistration getSaml2AuthenticationConfiguration() throws Exception { + @Bean + RelyingPartyRegistrationRepository getSaml2AuthenticationConfiguration() throws Exception { //remote IDP entity ID String idpEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php"; //remote WebSSO Endpoint - Where to Send AuthNRequests to @@ -53,14 +57,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { //IDP certificate for verification of incoming messages Saml2X509Credential idpVerificationCertificate = getVerificationCertificate(); String acsUrlTemplate = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; - return RelyingPartyRegistration.withRegistrationId(registrationId) + return new InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration.withRegistrationId(registrationId) .providerDetails(config -> config.entityId(idpEntityId)) .providerDetails(config -> config.webSsoUrl(webSsoEndpoint)) .credentials(c -> c.add(signingCredential)) .credentials(c -> c.add(idpVerificationCertificate)) .localEntityIdTemplate(localEntityIdTemplate) .assertionConsumerServiceUrlTemplate(acsUrlTemplate) - .build(); + .build()); } @Override @@ -70,14 +74,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .authorizeRequests() .anyRequest().authenticated() .and() - .saml2Login() - .relyingPartyRegistrationRepository( - new InMemoryRelyingPartyRegistrationRepository( - getSaml2AuthenticationConfiguration() - ) - ) - .loginProcessingUrl("/sample/jc/saml2/sso/{registrationId}") - ; + .saml2Login(); // @formatter:on } 
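Review bot: The `@Bean` method in SecurityConfig keeps the name `getSaml2AuthenticationConfiguration` although it now returns a `RelyingPartyRegistrationRepository`, so the bean is published under a getter-style name that no longer describes it. The last hunk stops passing the repository to `saml2Login()` explicitly, so the configurer presumably resolves it from the context, and a conventional name makes that wiring easier to trace: `RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws Exception {`. The method body continues past this hunk.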
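Review bot: The return statement in the `@@ -53,14 +57,14 @@` hunk now nests the entire registration builder chain inside the `InMemoryRelyingPartyRegistrationRepository` constructor call, which leaves the closing `.build());` far from the `new` it belongs to. Building the registration into a local first reads more clearly: assign the existing chain to `RelyingPartyRegistration registration = ...build();` and finish with `return new InMemoryRelyingPartyRegistrationRepository(registration);`. The start of the method lies outside this hunk.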
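Review bot: With `.loginProcessingUrl(...)` removed in the `@@ -70,14 +74,7 @@` hunk, the bare `.saml2Login()` depends on two things that are no longer visible at the call site. These are the repository bean defined earlier in the class and the default processing URL, which as far as the diff shows must match the `acsUrlTemplate` built from `Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI`. If the two drift apart again, the IdP would post its response to a URL the authentication filter does not handle, and login fails without an obvious cause. A comment such as `// relies on the RelyingPartyRegistrationRepository bean and on the default processing URL used in acsUrlTemplate` would record that dependency. `configure` begins and ends outside the hunk.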
diff --git a/samples/javaconfig/saml2login/src/main/resources/logback.xml b/samples/javaconfig/saml2login/src/main/resources/logback.xml new file mode 100644 index 0000000000..3ebbcc0ddd --- /dev/null +++ b/samples/javaconfig/saml2login/src/main/resources/logback.xml @@ -0,0 +1,12 @@ + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + + + +