Use regular expression search/replace to ensure all single-arg
lambdas have parentheses. This aligns with the style used in Spring
Boot and ensures that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
Apply Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.
Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.
Issue gh-8776
In several cases, taking a pre-set ValidationContext is not sufficient.
For example, the recipient is calculated via the
RelyingPartyRegistration that's currently in the context of the
request.
Instead, then, createDefaultAssertionValidator was broken up into two
different methods: One that takes no parameters and assumes the class's
default ValidationContext, and another that takes a converter to derive
the ValidationContext from the incoming authentication token.
Issue gh-8970
Rename it to DefaultSaml2AuthenticatedPrincipal to be more in line with
the respective class in the OAuth2 module.
Also make the class public to be able to whitelist the SAML2 auth classes
in Jackson object mappers for deserialization in e.g. Spring Session MongoDB.
Closes gh-8852
- Add static factories to Saml2X509Credential for verification, encryption,
signing, and decryption.
- Add unit tests for new static factories in Saml2X509Credential.
Fixes gh-8789
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a separate extensible
API by the name Saml2AuthenticationRequestContextResolver.
This provides the following API contract and implementation:
- Saml2AuthenticationRequestContextResolver
- DefaultSaml2AuthenticationRequestContextResolver
Fixes gh-8360
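An added illustration (not code from the Spring Security project or from these commits) of how an application could plug into the extension point the last commit describes: a custom Saml2AuthenticationRequestContextResolver that delegates to DefaultSaml2AuthenticationRequestContextResolver and then rebuilds the context with its own RelayState. The shapes assumed here are the single-argument resolve(HttpServletRequest) method, the default resolver's constructor taking a Converter<HttpServletRequest, RelyingPartyRegistration>, the Saml2AuthenticationRequestContext.builder() fields, and the filter constructor taking a resolver plus a Saml2AuthenticationRequestFactory; the registration id "simplesamlphp" and the RelayState scheme are made up for the example.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver;
import org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter;

/**
 * Example resolver (assumed API shape, not project code) that keeps the default
 * behaviour for registration lookup, issuer and ACS URL, but replaces the
 * RelayState with a value derived from the incoming request.
 */
public class RelayStateAwareContextResolver implements Saml2AuthenticationRequestContextResolver {

	private final Saml2AuthenticationRequestContextResolver delegate;

	public RelayStateAwareContextResolver(RelyingPartyRegistrationRepository registrations) {
		// Assumption: the default resolver takes a Converter that maps a request to
		// a RelyingPartyRegistration. Here the registration id is fixed for the example.
		Converter<HttpServletRequest, RelyingPartyRegistration> lookup =
				request -> registrations.findByRegistrationId("simplesamlphp");
		this.delegate = new DefaultSaml2AuthenticationRequestContextResolver(lookup);
	}

	@Override
	public Saml2AuthenticationRequestContext resolve(HttpServletRequest request) {
		Saml2AuthenticationRequestContext context = this.delegate.resolve(request);
		if (context == null) {
			return null; // default resolver found no registration for this request
		}
		// Rebuild the context, keeping everything the default resolver computed
		// and only overriding RelayState (assumed builder field names).
		return Saml2AuthenticationRequestContext.builder()
				.relyingPartyRegistration(context.getRelyingPartyRegistration())
				.issuer(context.getIssuer())
				.assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl())
				.relayState(relayStateFor(request))
				.build();
	}

	/**
	 * Derive a RelayState from the request. Only a fixed, server-controlled value
	 * is used so that the IdP cannot be made to echo attacker-chosen data back
	 * into the post-login redirect.
	 */
	static String relayStateFor(HttpServletRequest request) {
		String target = request.getParameter("target");
		return "/dashboard".equals(target) ? "/dashboard" : "/";
	}

	/**
	 * Wiring the resolver into the filter (assumed constructor shape).
	 */
	public static Saml2WebSsoAuthenticationRequestFilter filter(
			RelyingPartyRegistrationRepository registrations,
			Saml2AuthenticationRequestFactory factory) {
		return new Saml2WebSsoAuthenticationRequestFilter(
				new RelayStateAwareContextResolver(registrations), factory);
	}

}
```

The point of delegating rather than reimplementing is that the issuer and assertion-consumer-service URL stay consistent with whatever the default resolver derives from the RelyingPartyRegistration; the custom class only changes the one value it cares about, and it whitelists that value instead of copying a request parameter verbatim into RelayState.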