Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.1.x' 

Closes gh-13656
This commit is contained in:
Josh Cummings 2023-08-16 17:54:55 -06:00
parent 3ba5cc0e40 d2d1f19133
commit 8d58113b61
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
View File

@ -270,6 +270,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
}
}
this.initDefaultLoginFilter(http);
if (this.authenticationManager == null) {
registerDefaultAuthenticationProvider(http);
}
}
/**
@ -285,10 +288,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
http.addFilter(postProcess(filter));
super.configure(http);
if (this.authenticationManager == null) {
registerDefaultAuthenticationProvider(http);
}
else {
if (this.authenticationManager != null) {
this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
}
}
@ -361,8 +361,11 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
}
private void registerDefaultAuthenticationProvider(B http) {
OpenSaml4AuthenticationProvider provider = getBeanOrNull(http, OpenSaml4AuthenticationProvider.class);
if (provider == null) {
http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
}
}
private void registerDefaultCsrfOverride(B http) {
CsrfConfigurer<B> csrf = http.getConfigurer(CsrfConfigurer.class);

34
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
View File

@ -50,6 +50,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
@ -68,6 +69,7 @@ import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2Utils;
import org.springframework.security.saml2.core.TestSaml2X509Credentials;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@ -390,6 +392,15 @@ public class Saml2LoginConfigurerTests {
.andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id"));
}
@Test
public void saml2LoginWhenCustomAuthenticationProviderThenUses() throws Exception {
this.spring.register(CustomAuthenticationProviderConfig.class).autowire();
AuthenticationProvider provider = this.spring.getContext().getBean(AuthenticationProvider.class);
this.mvc.perform(post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE))
.andExpect(status().isFound());
verify(provider).authenticate(any());
}
private void performSaml2Login(String expected) throws IOException, ServletException {
// setup authentication parameters
this.request.setRequestURI("/login/saml2/sso/registration-id");
@ -700,6 +711,29 @@ public class Saml2LoginConfigurerTests {
}
@Configuration
@EnableWebSecurity
@EnableWebMvc
@Import(Saml2LoginConfigBeans.class)
static class CustomAuthenticationProviderConfig {
private final OpenSaml4AuthenticationProvider provider = spy(new OpenSaml4AuthenticationProvider());
@Bean
SecurityFilterChain web(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
.saml2Login(Customizer.withDefaults());
return http.build();
}
@Bean
AuthenticationProvider provider() {
return this.provider;
}
}
static class Saml2LoginConfigBeans {
@Bean