Add Switch for Processing GET Requests

Issue gh-17099
2025-06-08 13:12:12 +00:00 · 2025-06-03 13:03:21 -06:00 · 2025-06-03 13:03:21 -06:00 · f73f253beb
commit f73f253beb
parent 32c7e8a6ee
3 changed files with 32 additions and 4 deletions
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
@ -51,6 +51,8 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 	private Saml2AuthenticationRequestRepository<?> authenticationRequests = new HttpSessionSaml2AuthenticationRequestRepository();
 	private boolean shouldConvertGetRequests = true;
 	/**
 	 * Constructs a {@link BaseOpenSamlAuthenticationTokenConverter} given a repository
 	 * for {@link RelyingPartyRegistration}s
@ -172,13 +174,19 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		this.requestMatcher = requestMatcher;
 	}
 	void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
 		this.shouldConvertGetRequests = shouldConvertGetRequests;
 	}
 	private String decode(HttpServletRequest request) {
 		String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		boolean isGet = HttpMethod.GET.matches(request.getMethod());
 		if (!this.shouldConvertGetRequests && isGet) {
 			return null;
 		}
 		Saml2Utils.DecodingConfigurer decoding = Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet);
 		try {
-			return Saml2Utils.withEncoded(encoded)
+			return decoding.decode();
 				.requireBase64(true)
 				.inflate(HttpMethod.GET.matches(request.getMethod()))
 				.decode();
 		}
 		catch (Exception ex) {
 			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSaml4AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSaml4AuthenticationTokenConverter.java
@ -101,4 +101,14 @@ public final class OpenSaml4AuthenticationTokenConverter implements Authenticati
 		this.delegate.setRequestMatcher(requestMatcher);
 	}
 	/**
 	 * Use the given {@code shouldConvertGetRequests} to convert {@code GET} requests.
 	 * Default is {@code true}.
 	 * @param shouldConvertGetRequests the {@code shouldConvertGetRequests} to use
 	 * @since 7.0
 	 */
 	public void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
 		this.delegate.setShouldConvertGetRequests(shouldConvertGetRequests);
 	}
 }
--- a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/web/OpenSaml5AuthenticationTokenConverter.java
+++ b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/web/OpenSaml5AuthenticationTokenConverter.java
@ -101,4 +101,14 @@ public final class OpenSaml5AuthenticationTokenConverter implements Authenticati
 		this.delegate.setRequestMatcher(requestMatcher);
 	}
 	/**
 	 * Use the given {@code shouldConvertGetRequests} to convert {@code GET} requests.
 	 * Default is {@code true}.
 	 * @param shouldConvertGetRequests the {@code shouldConvertGetRequests} to use
 	 * @since 7.0
 	 */
 	public void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
 		this.delegate.setShouldConvertGetRequests(shouldConvertGetRequests);
 	}
 }