Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-06 18:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix SAML 2.0 Javaconfig Sample

Browse Source 
Issue gh-9362
This commit is contained in:
Josh Cummings 2021-01-22 11:18:12 -07:00
parent 02e13dc93e
commit 7aeda7c8d8
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
4 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
samples/javaconfig/saml2login/spring-security-samples-javaconfig-saml2-login.gradle
View File

@ -5,6 +5,7 @@ dependencies {
compile project(':spring-security-config') compile project(':spring-security-config')
compile "org.bouncycastle:bcprov-jdk15on" compile "org.bouncycastle:bcprov-jdk15on"
compile "org.bouncycastle:bcpkix-jdk15on" compile "org.bouncycastle:bcpkix-jdk15on"
compile slf4jDependencies
testCompile project(':spring-security-test') testCompile project(':spring-security-test')
} }

4
samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
View File

@ -27,6 +27,10 @@ import org.springframework.security.web.session.HttpSessionEventPublisher;
public class MessageSecurityWebApplicationInitializer extends public class MessageSecurityWebApplicationInitializer extends
AbstractSecurityWebApplicationInitializer { AbstractSecurityWebApplicationInitializer {
public MessageSecurityWebApplicationInitializer() {
super(SecurityConfig.class);
}
@Override @Override
protected boolean enableHttpSessionEventPublisher() { protected boolean enableHttpSessionEventPublisher() {
return true; return true;

19
samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
View File

@ -15,6 +15,8 @@
*/ */
package org.springframework.security.samples.config; package org.springframework.security.samples.config;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -23,6 +25,7 @@ import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.credentials.Saml2X509Credential; import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter; import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
@ -39,7 +42,8 @@ import static org.springframework.security.saml2.credentials.Saml2X509Credential
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig extends WebSecurityConfigurerAdapter {
RelyingPartyRegistration getSaml2AuthenticationConfiguration() throws Exception { @Bean
RelyingPartyRegistrationRepository getSaml2AuthenticationConfiguration() throws Exception {
//remote IDP entity ID //remote IDP entity ID
String idpEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php"; String idpEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
//remote WebSSO Endpoint - Where to Send AuthNRequests to //remote WebSSO Endpoint - Where to Send AuthNRequests to
@ -53,14 +57,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
//IDP certificate for verification of incoming messages //IDP certificate for verification of incoming messages
Saml2X509Credential idpVerificationCertificate = getVerificationCertificate(); Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();
String acsUrlTemplate = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; String acsUrlTemplate = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
return RelyingPartyRegistration.withRegistrationId(registrationId) return new InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration.withRegistrationId(registrationId)
.providerDetails(config -> config.entityId(idpEntityId)) .providerDetails(config -> config.entityId(idpEntityId))
.providerDetails(config -> config.webSsoUrl(webSsoEndpoint)) .providerDetails(config -> config.webSsoUrl(webSsoEndpoint))
.credentials(c -> c.add(signingCredential)) .credentials(c -> c.add(signingCredential))
.credentials(c -> c.add(idpVerificationCertificate)) .credentials(c -> c.add(idpVerificationCertificate))
.localEntityIdTemplate(localEntityIdTemplate) .localEntityIdTemplate(localEntityIdTemplate)
.assertionConsumerServiceUrlTemplate(acsUrlTemplate) .assertionConsumerServiceUrlTemplate(acsUrlTemplate)
.build(); .build());
} }
@Override @Override
@ -70,14 +74,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.authorizeRequests() .authorizeRequests()
.anyRequest().authenticated() .anyRequest().authenticated()
.and() .and()
.saml2Login() .saml2Login();
.relyingPartyRegistrationRepository(
new InMemoryRelyingPartyRegistrationRepository(
getSaml2AuthenticationConfiguration()
)
)
.loginProcessingUrl("/sample/jc/saml2/sso/{registrationId}")
;
// @formatter:on // @formatter:on
} }

12
samples/javaconfig/saml2login/src/main/resources/logback.xml Normal file
View File

@ -0,0 +1,12 @@
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<root level="WARN">
<appender-ref ref="STDOUT" />
</root>
</configuration>