Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.
Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.
Issue gh-8776
In several cases, taking a pre-set ValidationContext is not sufficient.
For example, the recipient is calculated via the
RelyingPartyRegistration that's currently in the context of the
request.
Instead, then, createDefaultAssertionValidator was broken up into two
different methods: One that takes no parameters and assumes the class's
default ValidationContext, and another that takes a converter to derive
the ValidationContext from the incoming authentication token.
Issue gh-8970
Rename it to DefaultSaml2AuthenticatedPrincipal to be more in line with
the respective class in the OAuth2 module.
Also make the class public to be able to whitelist the SAML2 auth classes
in Jackson object mappers for deserialization in e.g. Spring Session MongoDB.
Closes gh-8852
- Add static factories to Saml2X509Credential for verification, encryption,
signing, and decryption.
- Add unit tests for new static factories in Saml2X509Credential.
Fixes gh-8789
