From 7da352129c964c25696b4907c7d03be53e1e8745 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Wed, 2 Jul 2025 17:48:43 -0600
Subject: [PATCH] Use PathPatternRequestMatcher in saml2

Issue gh-16887
---
 .../saml2/Saml2LoginConfigurer.java | 19 +++++++++----------
 .../saml2/Saml2LogoutConfigurer.java | 7 +++----
 .../saml2/Saml2MetadataConfigurer.java | 5 ++---
 .../saml2/Saml2LogoutConfigurerTests.java | 5 +++--
 ...eOpenSamlAuthenticationTokenConverter.java | 8 ++++----
 ...OpenSamlAuthenticationRequestResolver.java | 4 +++-
 .../Saml2WebSsoAuthenticationFilter.java | 8 ++++----
 ...outRequestValidatorParametersResolver.java | 8 ++++----
 .../logout/Saml2LogoutResponseFilter.java | 5 +++--
 ...equestMatcherMetadataResponseResolver.java | 8 ++++----
 .../OpenSamlAuthenticationTokenConverter.java | 8 ++++----
 ...outRequestValidatorParametersResolver.java | 8 ++++----
 ...ml4AuthenticationRequestResolverTests.java | 4 ++--
 ...ml5AuthenticationRequestResolverTests.java | 4 ++--
 .../service/web/Saml2MetadataFilterTests.java | 8 ++++----
 .../Saml2WebSsoAuthenticationFilterTests.java | 4 ++--
 16 files changed, 57 insertions(+), 56 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
index e6d92ce33e..f1814ab90b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
@@ -29,7 +29,6 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.RequestMatcherFactory;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -237,7 +236,7 @@ public final class Saml2LoginConfigurer>
 this.authenticationRequestParams = new String[parts.length - 1];
 System.arraycopy(parts, 1, this.authenticationRequestParams, 0, parts.length - 1);
 this.authenticationRequestMatcher = new PathQueryRequestMatcher(
- RequestMatcherFactory.matcher(this.authenticationRequestUri), this.authenticationRequestParams);
+ getRequestMatcherBuilder().matcher(this.authenticationRequestUri), this.authenticationRequestParams);
 return this;
 }
@@ -254,13 +253,13 @@ public final class Saml2LoginConfigurer>
 @Override
 public Saml2LoginConfigurer loginProcessingUrl(String loginProcessingUrl) {
 Assert.hasText(loginProcessingUrl, "loginProcessingUrl cannot be empty");
- this.loginProcessingUrl = RequestMatcherFactory.matcher(loginProcessingUrl);
+ this.loginProcessingUrl = getRequestMatcherBuilder().matcher(loginProcessingUrl);
 return this;
 }
 @Override
 protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
- return RequestMatcherFactory.matcher(loginProcessingUrl);
+ return getRequestMatcherBuilder().matcher(loginProcessingUrl);
 }
 /**
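Review bot: `loginProcessingUrl(String)` and `authenticationRequestUri(...)` now pass the caller's string straight to `getRequestMatcherBuilder().matcher(...)`, but nothing in these hunks tells users that the value is parsed with PathPattern syntax. `RequestMatcherFactory` is not visible here, so this is inferred from the commit title: if it could previously produce a different matcher type, a pattern that was accepted before may now be rejected or match a different set of requests, and this matcher decides which requests are treated as SAML login traffic. I would add a Javadoc sentence to both setters, for example `The value is parsed as a PathPattern; see PathPatternRequestMatcher for the supported syntax.` Both method bodies start outside the hunks shown.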
@@ -338,8 +337,8 @@ public final class Saml2LoginConfigurer>
 }
 private AuthenticationEntryPoint getLoginEntryPoint(B http, String providerLoginPage) {
- RequestMatcher loginPageMatcher = RequestMatcherFactory.matcher(this.getLoginPage());
- RequestMatcher faviconMatcher = RequestMatcherFactory.matcher("/favicon.ico");
+ RequestMatcher loginPageMatcher = getRequestMatcherBuilder().matcher(this.getLoginPage());
+ RequestMatcher faviconMatcher = getRequestMatcherBuilder().matcher("/favicon.ico");
 RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher(http);
 RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(
 new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
@@ -393,9 +392,9 @@ public final class Saml2LoginConfigurer>
 private RequestMatcher getAuthenticationRequestMatcher() {
 if (this.authenticationRequestMatcher == null) {
 this.authenticationRequestMatcher = RequestMatchers.anyOf(
- RequestMatcherFactory
+ getRequestMatcherBuilder()
 .matcher(Saml2AuthenticationRequestResolver.DEFAULT_AUTHENTICATION_REQUEST_URI),
- new PathQueryRequestMatcher(RequestMatcherFactory.matcher(this.authenticationRequestUri),
+ new PathQueryRequestMatcher(getRequestMatcherBuilder().matcher(this.authenticationRequestUri),
 this.authenticationRequestParams));
 }
 return this.authenticationRequestMatcher;
@@ -404,8 +403,8 @@ public final class Saml2LoginConfigurer>
 private RequestMatcher getLoginProcessingEndpoint() {
 if (this.loginProcessingUrl == null) {
 this.loginProcessingUrl = RequestMatchers.anyOf(
- RequestMatcherFactory.matcher(Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI),
- RequestMatcherFactory.matcher("/login/saml2/sso"));
+ getRequestMatcherBuilder().matcher(Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI),
+ getRequestMatcherBuilder().matcher("/login/saml2/sso"));
 }
 return this.loginProcessingUrl;
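Review bot: `getLoginEntryPoint`, `getAuthenticationRequestMatcher` and `getLoginProcessingEndpoint` each call `getRequestMatcherBuilder()` twice on adjacent lines. Its definition is outside this diff, so whether it is a plain getter or performs a lookup cannot be judged from here; fetching it once into a local and calling `.matcher(...)` on that local would read more clearly and makes it obvious that both matchers in each pair come from the same builder. The bodies of `getLoginEntryPoint` and `getLoginProcessingEndpoint` continue past their hunks.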
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
index 7ae92aafca..538f5a068c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
@@ -27,7 +27,6 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.RequestMatcherFactory;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
@@ -279,19 +278,19 @@ public final class Saml2LogoutConfigurer>
 }
 private RequestMatcher createLogoutMatcher() {
- RequestMatcher logout = RequestMatcherFactory.matcher(HttpMethod.POST, this.logoutUrl);
+ RequestMatcher logout = getRequestMatcherBuilder().matcher(HttpMethod.POST, this.logoutUrl);
 RequestMatcher saml2 = new Saml2RequestMatcher(getSecurityContextHolderStrategy());
 return new AndRequestMatcher(logout, saml2);
 }
 private RequestMatcher createLogoutRequestMatcher() {
- RequestMatcher logout = RequestMatcherFactory.matcher(this.logoutRequestConfigurer.logoutUrl);
+ RequestMatcher logout = getRequestMatcherBuilder().matcher(this.logoutRequestConfigurer.logoutUrl);
 RequestMatcher samlRequest = new ParameterRequestMatcher("SAMLRequest");
 return new AndRequestMatcher(logout, samlRequest);
 }
 private RequestMatcher createLogoutResponseMatcher() {
- RequestMatcher logout = RequestMatcherFactory.matcher(this.logoutResponseConfigurer.logoutUrl);
+ RequestMatcher logout = getRequestMatcherBuilder().matcher(this.logoutResponseConfigurer.logoutUrl);
 RequestMatcher samlResponse = new ParameterRequestMatcher("SAMLResponse");
 return new AndRequestMatcher(logout, samlResponse);
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
index 5a822c9360..7b68c80ec8 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
@@ -22,7 +22,6 @@ import org.opensaml.core.Version;
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.RequestMatcherFactory;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.saml2.provider.service.metadata.OpenSaml4MetadataResolver;
@@ -111,12 +110,12 @@ public class Saml2MetadataConfigurer>
 if (USE_OPENSAML_5) {
 RequestMatcherMetadataResponseResolver metadata = new RequestMatcherMetadataResponseResolver(
 registrations, new OpenSaml5MetadataResolver());
- metadata.setRequestMatcher(RequestMatcherFactory.matcher(metadataUrl));
+ metadata.setRequestMatcher(getRequestMatcherBuilder().matcher(metadataUrl));
 return metadata;
 }
 RequestMatcherMetadataResponseResolver metadata = new RequestMatcherMetadataResponseResolver(registrations,
 new OpenSaml4MetadataResolver());
- metadata.setRequestMatcher(RequestMatcherFactory.matcher(metadataUrl));
+ metadata.setRequestMatcher(getRequestMatcherBuilder().matcher(metadataUrl));
 return metadata;
 };
 return this;
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
index da8912c6ba..ed5265b957 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
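Review bot: Both branches of the `USE_OPENSAML_5` check repeat `metadata.setRequestMatcher(getRequestMatcherBuilder().matcher(metadataUrl))`, and because the call sits inside the resolver lambda the pattern is only parsed when that lambda runs, not when `metadataUrl` is supplied. Building the matcher once into a local ahead of the `if` and calling `metadata.setRequestMatcher(matcher);` in both branches removes the duplication. If the builder is already usable when the setter is called (not visible in this hunk), creating the matcher before the lambda would also surface a malformed `metadataUrl` at configuration time instead of later. The enclosing method starts above the hunk.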
@@ -38,6 +38,7 @@ import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.http.HttpMethod;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
@@ -77,7 +78,6 @@ import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.security.web.servlet.TestMockHttpServletRequests;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
@@ -97,6 +97,7 @@ import static org.mockito.Mockito.spy;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -620,7 +621,7 @@ public class Saml2LogoutConfigurerTests {
 .saml2Logout((saml2) -> saml2.addObjectPostProcessor(new ObjectPostProcessor() {
 @Override
 public O postProcess(O filter) {
- filter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"));
+ filter.setLogoutRequestMatcher(pathPattern(HttpMethod.GET, "/logout"));
 return filter;
 }
 }));
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
index e47ff4f48f..8cf9fdfe99 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
@@ -30,11 +30,12 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 import org.springframework.security.web.authentication.AuthenticationConverter;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationConverter {
 static {
@@ -45,9 +46,8 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 private final RelyingPartyRegistrationRepository registrations;
- private RequestMatcher requestMatcher = new OrRequestMatcher(
- PathPatternRequestMatcher.withDefaults().matcher("/login/saml2/sso/{registrationId}"),
- PathPatternRequestMatcher.withDefaults().matcher("/login/saml2/sso"));
+ private RequestMatcher requestMatcher = new OrRequestMatcher(pathPattern("/login/saml2/sso/{registrationId}"),
+ pathPattern("/login/saml2/sso"));
 private Saml2AuthenticationRequestRepository authenticationRequests = new HttpSessionSaml2AuthenticationRequestRepository();
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/BaseOpenSamlAuthenticationRequestResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/BaseOpenSamlAuthenticationRequestResolver.java
index 8f9da90ea5..6012687ea1 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/BaseOpenSamlAuthenticationRequestResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/BaseOpenSamlAuthenticationRequestResolver.java
@@ -57,6 +57,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatchers;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * For internal use only. Intended for consolidating common behavior related to minting a
 * SAML 2.0 Authn Request.
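Review bot: The default `requestMatcher` here spells out `/login/saml2/sso/{registrationId}` and `/login/saml2/sso` as literals, and the same pair is repeated in `OpenSamlAuthenticationTokenConverter` and in `Saml2WebSsoAuthenticationFilter.DEFAULT_REQUEST_MATCHER` later in this patch. Presumably the converter must recognise exactly the paths the filter accepts, so the copies have to stay identical; a comment on the field would make that explicit, for example `// keep in sync with Saml2WebSsoAuthenticationFilter.DEFAULT_REQUEST_MATCHER`. Sharing one constant may not be practical across these packages, which is why I suggest the comment rather than a code change.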
@@ -222,7 +224,7 @@ class BaseOpenSamlAuthenticationRequestResolver implements Saml2AuthenticationRe
 PathPatternQueryRequestMatcher(String path, String... params) {
 List matchers = new ArrayList<>();
- matchers.add(PathPatternRequestMatcher.withDefaults().matcher(path));
+ matchers.add(pathPattern(path));
 for (String param : params) {
 String[] parts = param.split("=");
 if (parts.length == 1) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
index 9c584a7501..d863100589 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
@@ -34,11 +34,12 @@ import org.springframework.security.saml2.provider.service.web.Saml2Authenticati
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * @since 5.2
 */
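Review bot: `matchers.add(pathPattern(path))` drops a use of the `PathPatternRequestMatcher` type, yet unlike the other main-source files in this patch the import hunk for this class only adds the static import and does not remove the plain `PathPatternRequestMatcher` import (the diffstat shows a single deletion for the file, which is this line). If this call was the last reference to the type, that import is now unused and the build's style checks may reject it; the rest of the file is outside the hunk, so please confirm another use remains. The constructor body continues past the hunk.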
@@ -47,8 +48,7 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
 public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/saml2/sso/{registrationId}";
 private static final RequestMatcher DEFAULT_REQUEST_MATCHER = new OrRequestMatcher(
- PathPatternRequestMatcher.withDefaults().matcher(DEFAULT_FILTER_PROCESSES_URI),
- PathPatternRequestMatcher.withDefaults().matcher("/login/saml2/sso"));
+ pathPattern(DEFAULT_FILTER_PROCESSES_URI), pathPattern("/login/saml2/sso"));
 private final AuthenticationConverter authenticationConverter;
@@ -64,7 +64,7 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
 */
 public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
 this(relyingPartyRegistrationRepository, DEFAULT_FILTER_PROCESSES_URI);
- RequestMatcher processUri = PathPatternRequestMatcher.withDefaults().matcher(DEFAULT_FILTER_PROCESSES_URI);
+ RequestMatcher processUri = pathPattern(DEFAULT_FILTER_PROCESSES_URI);
 setRequiresAuthenticationRequestMatcher(processUri);
 }
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
index 3fc54e88bf..c38baaff9f 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
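Review bot: The one-argument constructor sets the filter's matcher to `pathPattern(DEFAULT_FILTER_PROCESSES_URI)` only, while `DEFAULT_REQUEST_MATCHER` in the hunk above also accepts `/login/saml2/sso`, so which paths the filter treats as SAML responses appears to depend on the constructor used. Where `DEFAULT_REQUEST_MATCHER` is consumed is not visible in these hunks; if the narrower match is intentional, a comment such as `// this constructor requires the {registrationId} path segment` would record that. The local is also unnecessary and could be inlined as `setRequiresAuthenticationRequestMatcher(pathPattern(DEFAULT_FILTER_PROCESSES_URI));`.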
@@ -33,11 +33,12 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * An OpenSAML-based implementation of
 * {@link Saml2LogoutRequestValidatorParametersResolver}
@@ -53,9 +54,8 @@ final class BaseOpenSamlLogoutRequestValidatorParametersResolver
 private final RelyingPartyRegistrationRepository registrations;
- private RequestMatcher requestMatcher = new OrRequestMatcher(
- PathPatternRequestMatcher.withDefaults().matcher("/logout/saml2/slo/{registrationId}"),
- PathPatternRequestMatcher.withDefaults().matcher("/logout/saml2/slo"));
+ private RequestMatcher requestMatcher = new OrRequestMatcher(pathPattern("/logout/saml2/slo/{registrationId}"),
+ pathPattern("/logout/saml2/slo"));
 /**
 * Constructs a {@link BaseOpenSamlLogoutRequestValidatorParametersResolver}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutResponseFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutResponseFilter.java
index 0d858386c4..80b574ca89 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutResponseFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutResponseFilter.java
@@ -41,11 +41,12 @@ import org.springframework.security.saml2.provider.service.web.RelyingPartyRegis
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * A filter for handling a <saml2:LogoutResponse> sent from the asserting party. A
 * <saml2:LogoutResponse> is sent in response to a <saml2:LogoutRequest>
@@ -72,7 +73,7 @@ public final class Saml2LogoutResponseFilter extends OncePerRequestFilter {
 private Saml2LogoutRequestRepository logoutRequestRepository = new HttpSessionLogoutRequestRepository();
- private RequestMatcher logoutRequestMatcher = PathPatternRequestMatcher.withDefaults().matcher("/logout/saml2/slo");
+ private RequestMatcher logoutRequestMatcher = pathPattern("/logout/saml2/slo");
 public Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository registrations,
 Saml2LogoutResponseValidator logoutResponseValidator, LogoutSuccessHandler logoutSuccessHandler) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/RequestMatcherMetadataResponseResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/RequestMatcherMetadataResponseResolver.java
index 91ee876b2e..b93415fecf 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/RequestMatcherMetadataResponseResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/metadata/RequestMatcherMetadataResponseResolver.java
@@ -34,11 +34,12 @@ import org.springframework.security.saml2.provider.service.registration.Iterable
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * An implementation of {@link Saml2MetadataResponseResolver} that identifies which
 * {@link RelyingPartyRegistration}s to use with a {@link RequestMatcher}
@@ -51,9 +52,8 @@ public class RequestMatcherMetadataResponseResolver implements Saml2MetadataResp
 private static final String DEFAULT_METADATA_FILENAME = "saml-{registrationId}-metadata.xml";
 private RequestMatcher matcher = new OrRequestMatcher(
- PathPatternRequestMatcher.withDefaults().matcher("/saml2/service-provider-metadata/{registrationId}"),
- PathPatternRequestMatcher.withDefaults().matcher("/saml2/metadata/{registrationId}"),
- PathPatternRequestMatcher.withDefaults().matcher("/saml2/metadata"));
+ pathPattern("/saml2/service-provider-metadata/{registrationId}"),
+ pathPattern("/saml2/metadata/{registrationId}"), pathPattern("/saml2/metadata"));
 private String filename = DEFAULT_METADATA_FILENAME;
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
index c680f93bb3..00475fa246 100644
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
@@ -32,11 +32,12 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 import org.springframework.security.web.authentication.AuthenticationConverter;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * An {@link AuthenticationConverter} that generates a {@link Saml2AuthenticationToken}
 * appropriate for authenticated a SAML 2.0 Assertion against an
@@ -58,9 +59,8 @@ public final class OpenSamlAuthenticationTokenConverter implements Authenticatio
 private final RelyingPartyRegistrationRepository registrations;
- private RequestMatcher requestMatcher = new OrRequestMatcher(
- PathPatternRequestMatcher.withDefaults().matcher("/login/saml2/sso/{registrationId}"),
- PathPatternRequestMatcher.withDefaults().matcher("/login/saml2/sso"));
+ private RequestMatcher requestMatcher = new OrRequestMatcher(pathPattern("/login/saml2/sso/{registrationId}"),
+ pathPattern("/login/saml2/sso"));
 private Function loader;
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
index aae95e28c7..d9dd3de177 100644
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
@@ -36,11 +36,12 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
+
 /**
 * An OpenSAML-based implementation of
 * {@link Saml2LogoutRequestValidatorParametersResolver}
@@ -57,9 +58,8 @@ public final class OpenSamlLogoutRequestValidatorParametersResolver
 OpenSamlInitializationService.initialize();
 }
- private RequestMatcher requestMatcher = new OrRequestMatcher(
- PathPatternRequestMatcher.withDefaults().matcher("/logout/saml2/slo/{registrationId}"),
- PathPatternRequestMatcher.withDefaults().matcher("/logout/saml2/slo"));
+ private RequestMatcher requestMatcher = new OrRequestMatcher(pathPattern("/logout/saml2/slo/{registrationId}"),
+ pathPattern("/logout/saml2/slo"));
 private final OpenSamlOperations saml = new OpenSaml4Template();
diff --git a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
index 4ca03be726..e3327a7864 100644
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
@@ -29,13 +29,13 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.web.servlet.TestMockHttpServletRequests;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
 public class OpenSaml4AuthenticationRequestResolverTests {
@@ -92,7 +92,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {
 RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
 given(relyingParties.resolve(any(), any())).willReturn(this.registration);
 OpenSaml4AuthenticationRequestResolver resolver = new OpenSaml4AuthenticationRequestResolver(relyingParties);
- resolver.setRequestMatcher(new AntPathRequestMatcher("/custom/authentication/{registrationId}"));
+ resolver.setRequestMatcher(pathPattern("/custom/authentication/{registrationId}"));
 Saml2RedirectAuthenticationRequest authnRequest = resolver
 .resolve(givenRequest("/custom/authentication/registration-id"));
diff --git a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
index 8e4730c561..4f5ea826ea 100644
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
@@ -29,13 +29,13 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver; import org.springframework.security.web.servlet.TestMockHttpServletRequests; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; public class OpenSaml5AuthenticationRequestResolverTests { @@ -92,7 +92,7 @@ public class OpenSaml5AuthenticationRequestResolverTests { RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class); given(relyingParties.resolve(any(), any())).willReturn(this.registration); OpenSaml5AuthenticationRequestResolver resolver = new OpenSaml5AuthenticationRequestResolver(relyingParties); - resolver.setRequestMatcher(new AntPathRequestMatcher("/custom/authentication/{registrationId}")); + resolver.setRequestMatcher(pathPattern("/custom/authentication/{registrationId}")); Saml2RedirectAuthenticationRequest authnRequest = resolver .resolve(givenRequest("/custom/authentication/registration-id")); diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java index a67fd80a0a..62dd251be4 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java 
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java @@ -34,7 +34,6 @@ import org.springframework.security.saml2.provider.service.metadata.Saml2Metadat import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -44,6 +43,7 @@ import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoInteractions; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests for {@link Saml2MetadataFilter} @@ -129,7 +129,7 @@ public class Saml2MetadataFilterTests { @Test public void doFilterWhenCustomRequestMatcherThenUses() throws Exception { MockHttpServletRequest request = uri("/path"); - this.filter.setRequestMatcher(new AntPathRequestMatcher("/path")); + this.filter.setRequestMatcher(pathPattern("/path")); this.filter.doFilter(request, this.response, this.chain); verifyNoInteractions(this.chain); verify(this.repository).findByRegistrationId("path"); 
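Review bot: In `doFilterWhenCustomRequestMatcherThenUses` the matcher `pathPattern("/path")` carries no `{registrationId}` variable, yet the test expects `findByRegistrationId("path")`, and nothing in the hunk says where that id comes from. Because the id derived from the URL decides which relying party's metadata is served, I would add a comment above the `verify` line such as `// no {registrationId} in the pattern: the id is presumably derived from the request path by the resolver`, once that has been confirmed against the filter. The fallback itself is outside this hunk, so this is a documentation request only.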
@@ -159,7 +159,7 @@ public class Saml2MetadataFilterTests { RelyingPartyRegistrationResolver resolver = new DefaultRelyingPartyRegistrationResolver( (id) -> this.repository.findByRegistrationId("registration-id")); this.filter = new Saml2MetadataFilter(resolver, this.resolver); - this.filter.setRequestMatcher(new AntPathRequestMatcher("/metadata")); + this.filter.setRequestMatcher(pathPattern("/metadata")); MockHttpServletRequest request = uri("/metadata"); this.filter.doFilter(request, this.response, new MockFilterChain()); verify(this.repository).findByRegistrationId("registration-id"); @@ -173,7 +173,7 @@ public class Saml2MetadataFilterTests { given(this.resolver.resolve(any(RelyingPartyRegistration.class))).willReturn("metadata"); this.filter = new Saml2MetadataFilter((id) -> this.repository.findByRegistrationId("registration-id"), this.resolver); - this.filter.setRequestMatcher(new AntPathRequestMatcher("/metadata")); + this.filter.setRequestMatcher(pathPattern("/metadata")); MockHttpServletRequest request = uri("/metadata"); this.filter.doFilter(request, this.response, new MockFilterChain()); verify(this.repository).findByRegistrationId("registration-id"); diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java index 9e4b4d3269..24c2ad2283 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilterTests.java 
@@ -43,7 +43,6 @@ import org.springframework.security.saml2.provider.service.web.Saml2Authenticati import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter; import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.security.web.authentication.WebAuthenticationDetails; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import static org.assertj.core.api.Assertions.assertThat; @@ -54,6 +53,7 @@ import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoInteractions; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; public class Saml2WebSsoAuthenticationFilterTests { @@ -225,7 +225,7 @@ public class Saml2WebSsoAuthenticationFilterTests { given(this.repository.findByRegistrationId("registration-id")).willReturn(registration); given(this.authenticationManager.authenticate(authentication)).willReturn(authentication); String loginProcessingUrl = "/{registrationId}/login/saml2/sso"; - RequestMatcher matcher = new AntPathRequestMatcher(loginProcessingUrl); + RequestMatcher matcher = pathPattern(loginProcessingUrl); DefaultRelyingPartyRegistrationResolver delegate = new DefaultRelyingPartyRegistrationResolver(this.repository); RelyingPartyRegistrationResolver resolver = (request, id) -> { String registrationId = matcher.matcher(request).getVariables().get("registrationId");
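Review bot: The resolver lambda at the end of this hunk reads `matcher.matcher(request).getVariables().get("registrationId")` without checking the match result, so a request that does not match `/{registrationId}/login/saml2/sso` would pass a null id to the delegate. Consider `RequestMatcher.MatchResult result = matcher.matcher(request);` followed by `if (!result.isMatch()) { return null; }` before reading the variable. The lambda body continues past the end of the hunk, so any null handling further down is not visible here.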