Polish Saml2WebSsoAuthenticationRequestFilter
- Updated formatting
- Reordered methods
- Removed a method

These changes will hopefully simplify future contribution.

Issue gh-6019
parent
711954e016
commit
95f0d02d79
|
@ -35,14 +35,13 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher.MatchResult;
|
import org.springframework.security.web.util.matcher.RequestMatcher.MatchResult;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
import org.springframework.web.util.HtmlUtils;
|
import org.springframework.web.util.HtmlUtils;
|
||||||
import org.springframework.web.util.UriComponentsBuilder;
|
import org.springframework.web.util.UriComponentsBuilder;
|
||||||
import org.springframework.web.util.UriUtils;
|
import org.springframework.web.util.UriUtils;
|
||||||
|
|
||||||
import static java.lang.String.format;
|
|
||||||
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
||||||
import static org.springframework.util.StringUtils.hasText;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This {@code Filter} formulates a
|
* This {@code Filter} formulates a
|
||||||
|
@ -128,6 +127,7 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
|
||||||
@Override
|
@Override
|
||||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
|
|
||||||
MatchResult matcher = this.redirectMatcher.matcher(request);
|
MatchResult matcher = this.redirectMatcher.matcher(request);
|
||||||
if (!matcher.isMatch()) {
|
if (!matcher.isMatch()) {
|
||||||
filterChain.doFilter(request, response);
|
filterChain.doFilter(request, response);
|
||||||
|
@ -135,65 +135,28 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
|
||||||
}
|
}
|
||||||
|
|
||||||
String registrationId = matcher.getVariables().get("registrationId");
|
String registrationId = matcher.getVariables().get("registrationId");
|
||||||
RelyingPartyRegistration relyingParty = this.relyingPartyRegistrationRepository.findByRegistrationId(registrationId);
|
RelyingPartyRegistration relyingParty =
|
||||||
|
this.relyingPartyRegistrationRepository.findByRegistrationId(registrationId);
|
||||||
if (relyingParty == null) {
|
if (relyingParty == null) {
|
||||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (this.logger.isDebugEnabled()) {
|
if (this.logger.isDebugEnabled()) {
|
||||||
this.logger.debug(format("Creating SAML2 SP Authentication Request for IDP[%s]", relyingParty.getRegistrationId()));
|
this.logger.debug("Creating SAML 2.0 Authentication Request for Asserting Party [" +
|
||||||
|
relyingParty.getRegistrationId() + "]");
|
||||||
}
|
}
|
||||||
Saml2AuthenticationRequestContext authnRequestCtx = createRedirectAuthenticationRequestContext(relyingParty, request);
|
Saml2AuthenticationRequestContext context = createRedirectAuthenticationRequestContext(request, relyingParty);
|
||||||
if (relyingParty.getProviderDetails().getBinding() == Saml2MessageBinding.REDIRECT) {
|
if (relyingParty.getProviderDetails().getBinding() == Saml2MessageBinding.REDIRECT) {
|
||||||
sendRedirect(response, authnRequestCtx);
|
sendRedirect(response, context);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
sendPost(response, authnRequestCtx);
|
sendPost(response, context);
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void sendRedirect(HttpServletResponse response, Saml2AuthenticationRequestContext authnRequestCtx)
|
|
||||||
throws IOException {
|
|
||||||
String redirectUrl = createSamlRequestRedirectUrl(authnRequestCtx);
|
|
||||||
response.sendRedirect(redirectUrl);
|
|
||||||
}
|
|
||||||
|
|
||||||
private void sendPost(HttpServletResponse response, Saml2AuthenticationRequestContext authnRequestCtx)
|
|
||||||
throws IOException {
|
|
||||||
Saml2PostAuthenticationRequest authNData =
|
|
||||||
this.authenticationRequestFactory.createPostAuthenticationRequest(authnRequestCtx);
|
|
||||||
String html = createSamlPostRequestFormData(authNData);
|
|
||||||
response.setContentType(MediaType.TEXT_HTML_VALUE);
|
|
||||||
response.getWriter().write(html);
|
|
||||||
}
|
|
||||||
|
|
||||||
private String createSamlRequestRedirectUrl(Saml2AuthenticationRequestContext authnRequestCtx) {
|
|
||||||
|
|
||||||
Saml2RedirectAuthenticationRequest authNData =
|
|
||||||
this.authenticationRequestFactory.createRedirectAuthenticationRequest(authnRequestCtx);
|
|
||||||
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString(authNData.getAuthenticationRequestUri());
|
|
||||||
addParameter("SAMLRequest", authNData.getSamlRequest(), uriBuilder);
|
|
||||||
addParameter("RelayState", authNData.getRelayState(), uriBuilder);
|
|
||||||
addParameter("SigAlg", authNData.getSigAlg(), uriBuilder);
|
|
||||||
addParameter("Signature", authNData.getSignature(), uriBuilder);
|
|
||||||
return uriBuilder
|
|
||||||
.build(true)
|
|
||||||
.toUriString();
|
|
||||||
}
|
|
||||||
|
|
||||||
private void addParameter(String name, String value, UriComponentsBuilder builder) {
|
|
||||||
Assert.hasText(name, "name cannot be empty or null");
|
|
||||||
if (hasText(value)) {
|
|
||||||
builder.queryParam(
|
|
||||||
UriUtils.encode(name, ISO_8859_1),
|
|
||||||
UriUtils.encode(value, ISO_8859_1)
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private Saml2AuthenticationRequestContext createRedirectAuthenticationRequestContext(
|
private Saml2AuthenticationRequestContext createRedirectAuthenticationRequestContext(
|
||||||
RelyingPartyRegistration relyingParty,
|
HttpServletRequest request, RelyingPartyRegistration relyingParty) {
|
||||||
HttpServletRequest request) {
|
|
||||||
String applicationUri = Saml2ServletUtils.getApplicationUri(request);
|
String applicationUri = Saml2ServletUtils.getApplicationUri(request);
|
||||||
Function<String, String> resolver = templateResolver(applicationUri, relyingParty);
|
Function<String, String> resolver = templateResolver(applicationUri, relyingParty);
|
||||||
String localSpEntityId = resolver.apply(relyingParty.getLocalEntityIdTemplate());
|
String localSpEntityId = resolver.apply(relyingParty.getLocalEntityIdTemplate());
|
||||||
|
@ -210,17 +173,45 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
|
||||||
return template -> Saml2ServletUtils.resolveUrlTemplate(template, applicationUri, relyingParty);
|
return template -> Saml2ServletUtils.resolveUrlTemplate(template, applicationUri, relyingParty);
|
||||||
}
|
}
|
||||||
|
|
||||||
private String htmlEscape(String value) {
|
private void sendRedirect(HttpServletResponse response, Saml2AuthenticationRequestContext context)
|
||||||
if (hasText(value)) {
|
throws IOException {
|
||||||
return HtmlUtils.htmlEscape(value);
|
Saml2RedirectAuthenticationRequest authenticationRequest =
|
||||||
}
|
this.authenticationRequestFactory.createRedirectAuthenticationRequest(context);
|
||||||
return value;
|
UriComponentsBuilder uriBuilder = UriComponentsBuilder
|
||||||
|
.fromUriString(authenticationRequest.getAuthenticationRequestUri());
|
||||||
|
addParameter("SAMLRequest", authenticationRequest.getSamlRequest(), uriBuilder);
|
||||||
|
addParameter("RelayState", authenticationRequest.getRelayState(), uriBuilder);
|
||||||
|
addParameter("SigAlg", authenticationRequest.getSigAlg(), uriBuilder);
|
||||||
|
addParameter("Signature", authenticationRequest.getSignature(), uriBuilder);
|
||||||
|
String redirectUrl = uriBuilder
|
||||||
|
.build(true)
|
||||||
|
.toUriString();
|
||||||
|
response.sendRedirect(redirectUrl);
|
||||||
}
|
}
|
||||||
|
|
||||||
private String createSamlPostRequestFormData(Saml2PostAuthenticationRequest request) {
|
private void addParameter(String name, String value, UriComponentsBuilder builder) {
|
||||||
String destination = request.getAuthenticationRequestUri();
|
Assert.hasText(name, "name cannot be empty or null");
|
||||||
String relayState = htmlEscape(request.getRelayState());
|
if (StringUtils.hasText(value)) {
|
||||||
String samlRequest = htmlEscape(request.getSamlRequest());
|
builder.queryParam(
|
||||||
|
UriUtils.encode(name, ISO_8859_1),
|
||||||
|
UriUtils.encode(value, ISO_8859_1)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void sendPost(HttpServletResponse response, Saml2AuthenticationRequestContext context)
|
||||||
|
throws IOException {
|
||||||
|
Saml2PostAuthenticationRequest authenticationRequest =
|
||||||
|
this.authenticationRequestFactory.createPostAuthenticationRequest(context);
|
||||||
|
String html = createSamlPostRequestFormData(authenticationRequest);
|
||||||
|
response.setContentType(MediaType.TEXT_HTML_VALUE);
|
||||||
|
response.getWriter().write(html);
|
||||||
|
}
|
||||||
|
|
||||||
|
private String createSamlPostRequestFormData(Saml2PostAuthenticationRequest authenticationRequest) {
|
||||||
|
String authenticationRequestUri = authenticationRequest.getAuthenticationRequestUri();
|
||||||
|
String relayState = authenticationRequest.getRelayState();
|
||||||
|
String samlRequest = authenticationRequest.getSamlRequest();
|
||||||
StringBuilder postHtml = new StringBuilder()
|
StringBuilder postHtml = new StringBuilder()
|
||||||
.append("<!DOCTYPE html>\n")
|
.append("<!DOCTYPE html>\n")
|
||||||
.append("<html>\n")
|
.append("<html>\n")
|
||||||
|
@ -235,16 +226,15 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
|
||||||
.append(" </p>\n")
|
.append(" </p>\n")
|
||||||
.append(" </noscript>\n")
|
.append(" </noscript>\n")
|
||||||
.append(" \n")
|
.append(" \n")
|
||||||
.append(" <form action=\"").append(destination).append("\" method=\"post\">\n")
|
.append(" <form action=\"").append(authenticationRequestUri).append("\" method=\"post\">\n")
|
||||||
.append(" <div>\n")
|
.append(" <div>\n")
|
||||||
.append(" <input type=\"hidden\" name=\"SAMLRequest\" value=\"")
|
.append(" <input type=\"hidden\" name=\"SAMLRequest\" value=\"")
|
||||||
.append(samlRequest)
|
.append(HtmlUtils.htmlEscape(samlRequest))
|
||||||
.append("\"/>\n")
|
.append("\"/>\n");
|
||||||
;
|
if (StringUtils.hasText(relayState)) {
|
||||||
if (hasText(relayState)) {
|
|
||||||
postHtml
|
postHtml
|
||||||
.append(" <input type=\"hidden\" name=\"RelayState\" value=\"")
|
.append(" <input type=\"hidden\" name=\"RelayState\" value=\"")
|
||||||
.append(relayState)
|
.append(HtmlUtils.htmlEscape(relayState))
|
||||||
.append("\"/>\n");
|
.append("\"/>\n");
|
||||||
}
|
}
|
||||||
postHtml
|
postHtml
|
||||||
|
@ -257,8 +247,7 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter
|
||||||
.append(" </form>\n")
|
.append(" </form>\n")
|
||||||
.append(" \n")
|
.append(" \n")
|
||||||
.append(" </body>\n")
|
.append(" </body>\n")
|
||||||
.append("</html>")
|
.append("</html>");
|
||||||
;
|
|
||||||
return postHtml.toString();
|
return postHtml.toString();
|
||||||
}
|
}
|
||||||
}
|
}
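Review bot: In createSamlPostRequestFormData (hunk `@ -235,16 +226,15 @@`) the form's `action` attribute is built from `authenticationRequestUri` with no escaping, while the sibling `SAMLRequest` and `RelayState` values written into the same form are now wrapped in `HtmlUtils.htmlEscape`. The destination appears to come from the RelyingPartyRegistration rather than the request, but a `"` or `<` in a misconfigured or metadata-sourced asserting-party SSO URL would break out of the attribute and alter the generated document, so the escape should be applied uniformly: `.append(" <form action=\"").append(HtmlUtils.htmlEscape(authenticationRequestUri)).append("\" method=\"post\">\n")`. Where the relay state originates is outside this diff; if it is echoed from a request parameter, the `htmlEscape` call is the only barrier, which deserves a note on the method such as `// every value interpolated into this HTML lands in an attribute; escape all of them, including the destination`.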
|
||||||
|
|