Josh Cummings
commit
d2d1f19133
|
|
@ -268,6 +268,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
this.initDefaultLoginFilter(http);
|
this.initDefaultLoginFilter(http);
|
||||||
|
if (this.authenticationManager == null) {
|
||||||
|
registerDefaultAuthenticationProvider(http);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -283,10 +286,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
||||||
filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
|
filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
|
||||||
http.addFilter(postProcess(filter));
|
http.addFilter(postProcess(filter));
|
||||||
super.configure(http);
|
super.configure(http);
|
||||||
if (this.authenticationManager == null) {
|
if (this.authenticationManager != null) {
|
||||||
registerDefaultAuthenticationProvider(http);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
|
this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -359,7 +359,10 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
||||||
}
|
}
|
||||||
|
|
||||||
private void registerDefaultAuthenticationProvider(B http) {
|
private void registerDefaultAuthenticationProvider(B http) {
|
||||||
http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
|
OpenSaml4AuthenticationProvider provider = getBeanOrNull(http, OpenSaml4AuthenticationProvider.class);
|
||||||
|
if (provider == null) {
|
||||||
|
http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void registerDefaultCsrfOverride(B http) {
|
private void registerDefaultCsrfOverride(B http) {
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
|
||||||
import org.springframework.mock.web.MockHttpServletResponse;
|
import org.springframework.mock.web.MockHttpServletResponse;
|
||||||
import org.springframework.mock.web.MockHttpSession;
|
import org.springframework.mock.web.MockHttpSession;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
|
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
|
||||||
|
|
@ -59,6 +60,7 @@ import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
||||||
import org.springframework.security.saml2.core.Saml2Utils;
|
import org.springframework.security.saml2.core.Saml2Utils;
|
||||||
import org.springframework.security.saml2.core.TestSaml2X509Credentials;
|
import org.springframework.security.saml2.core.TestSaml2X509Credentials;
|
||||||
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
||||||
|
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
|
||||||
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
|
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
|
||||||
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
|
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
|
||||||
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
|
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
|
||||||
|
|
@ -353,6 +355,15 @@ public class Saml2LoginConfigurerTests {
|
||||||
.andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id"));
|
.andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void saml2LoginWhenCustomAuthenticationProviderThenUses() throws Exception {
|
||||||
|
this.spring.register(CustomAuthenticationProviderConfig.class).autowire();
|
||||||
|
AuthenticationProvider provider = this.spring.getContext().getBean(AuthenticationProvider.class);
|
||||||
|
this.mvc.perform(post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE))
|
||||||
|
.andExpect(status().isFound());
|
||||||
|
verify(provider).authenticate(any());
|
||||||
|
}
|
||||||
|
|
||||||
private void performSaml2Login(String expected) throws IOException, ServletException {
|
private void performSaml2Login(String expected) throws IOException, ServletException {
|
||||||
// setup authentication parameters
|
// setup authentication parameters
|
||||||
this.request.setRequestURI("/login/saml2/sso/registration-id");
|
this.request.setRequestURI("/login/saml2/sso/registration-id");
|
||||||
|
|
@ -663,6 +674,29 @@ public class Saml2LoginConfigurerTests {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
@EnableWebMvc
|
||||||
|
@Import(Saml2LoginConfigBeans.class)
|
||||||
|
static class CustomAuthenticationProviderConfig {
|
||||||
|
|
||||||
|
private final OpenSaml4AuthenticationProvider provider = spy(new OpenSaml4AuthenticationProvider());
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
SecurityFilterChain web(HttpSecurity http) throws Exception {
|
||||||
|
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
|
||||||
|
.saml2Login(Customizer.withDefaults());
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
AuthenticationProvider provider() {
|
||||||
|
return this.provider;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
static class Saml2LoginConfigBeans {
|
static class Saml2LoginConfigBeans {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue