Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add AuthnRequstsSigned to OpenSaml implementations

Browse Source 
Issue gh-12841
This commit is contained in:
Josh Cummings 2023-03-20 13:58:58 -06:00
parent fd6aecf8da
commit fd4541be0c
2 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
View File

@ -37,8 +37,8 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(), registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(),
registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(), registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(),
registration.getSingleLogoutServiceBindings(), registration.getAssertingPartyDetails(), registration.getSingleLogoutServiceBindings(), registration.getAssertingPartyDetails(),
registration.getNameIdFormat(), registration.getDecryptionX509Credentials(), registration.getNameIdFormat(), registration.isAuthnRequestsSigned(),
registration.getSigningX509Credentials()); registration.getDecryptionX509Credentials(), registration.getSigningX509Credentials());
} }
/** /**
@ -55,7 +55,7 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
.singleLogoutServiceLocation(getSingleLogoutServiceLocation()) .singleLogoutServiceLocation(getSingleLogoutServiceLocation())
.singleLogoutServiceResponseLocation(getSingleLogoutServiceResponseLocation()) .singleLogoutServiceResponseLocation(getSingleLogoutServiceResponseLocation())
.singleLogoutServiceBindings((c) -> c.addAll(getSingleLogoutServiceBindings())) .singleLogoutServiceBindings((c) -> c.addAll(getSingleLogoutServiceBindings()))
.nameIdFormat(getNameIdFormat()) .nameIdFormat(getNameIdFormat()).authnRequestsSigned(isAuthnRequestsSigned())
.assertingPartyDetails((assertingParty) -> ((OpenSamlAssertingPartyDetails.Builder) assertingParty) .assertingPartyDetails((assertingParty) -> ((OpenSamlAssertingPartyDetails.Builder) assertingParty)
.entityId(party.getEntityId()).wantAuthnRequestsSigned(party.getWantAuthnRequestsSigned()) .entityId(party.getEntityId()).wantAuthnRequestsSigned(party.getWantAuthnRequestsSigned())
.signingAlgorithms((algorithms) -> algorithms.addAll(party.getSigningAlgorithms())) .signingAlgorithms((algorithms) -> algorithms.addAll(party.getSigningAlgorithms()))
@ -152,6 +152,11 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
return (Builder) super.nameIdFormat(nameIdFormat); return (Builder) super.nameIdFormat(nameIdFormat);
} }
@Override
public Builder authnRequestsSigned(Boolean authnRequestsSigned) {
return (Builder) super.authnRequestsSigned(authnRequestsSigned);
}
@Override @Override
public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) { public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
return (Builder) super.assertingPartyDetails(assertingPartyDetails); return (Builder) super.assertingPartyDetails(assertingPartyDetails);

26
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolverTests.java
View File

@ -16,6 +16,8 @@
package org.springframework.security.saml2.provider.service.web.authentication; package org.springframework.security.saml2.provider.service.web.authentication;
import java.util.stream.Stream;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
@ -35,8 +37,6 @@ import org.springframework.security.saml2.provider.service.registration.TestRely
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
import java.util.stream.Stream;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -54,13 +54,13 @@ public class OpenSamlAuthenticationRequestResolverTests {
@ParameterizedTest @ParameterizedTest
@MethodSource("provideSignRequestFlags") @MethodSource("provideSignRequestFlags")
public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(boolean wantAuthRequestsSigned, boolean authnRequestsSigned) { public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(boolean wantAuthRequestsSigned,
boolean authnRequestsSigned) {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setPathInfo("/saml2/authenticate/registration-id"); request.setPathInfo("/saml2/authenticate/registration-id");
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
.authnRequestsSigned(authnRequestsSigned) .authnRequestsSigned(authnRequestsSigned)
.assertingPartyDetails(party -> party.wantAuthnRequestsSigned(wantAuthRequestsSigned)) .assertingPartyDetails((party) -> party.wantAuthnRequestsSigned(wantAuthRequestsSigned)).build();
.build();
OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration); OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> { Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration); UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
@ -122,10 +122,9 @@ public class OpenSamlAuthenticationRequestResolverTests {
public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() { public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setPathInfo("/saml2/authenticate/registration-id"); request.setPathInfo("/saml2/authenticate/registration-id");
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder.assertingPartyDetails(
.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(false)) (party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(false))
.authnRequestsSigned(false) .authnRequestsSigned(false).build();
.build();
OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration); OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> { Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration); UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
@ -146,7 +145,8 @@ public class OpenSamlAuthenticationRequestResolverTests {
@ParameterizedTest @ParameterizedTest
@MethodSource("provideSignRequestFlags") @MethodSource("provideSignRequestFlags")
public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean wantAuthRequestsSigned, boolean authnRequestsSigned) { public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean wantAuthRequestsSigned,
boolean authnRequestsSigned) {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setPathInfo("/saml2/authenticate/registration-id"); request.setPathInfo("/saml2/authenticate/registration-id");
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
@ -195,11 +195,7 @@ public class OpenSamlAuthenticationRequestResolverTests {
} }
private static Stream<Arguments> provideSignRequestFlags() { private static Stream<Arguments> provideSignRequestFlags() {
return Stream.of( return Stream.of(Arguments.of(true, true), Arguments.of(true, false), Arguments.of(false, true));
Arguments.of(true, true),
Arguments.of(true, false),
Arguments.of(false, true)
);
} }
} }