GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.1.x' 

Closes gh-13656
pull/13668/head
Josh Cummings 2 years ago
parent
3ba5cc0e40 d2d1f19133
commit
8d58113b61
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 42 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
  2. 34
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java

13
config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
Unescape View File

@ -270,6 +270,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
} }
} }
this.initDefaultLoginFilter(http); this.initDefaultLoginFilter(http);
if (this.authenticationManager == null) {
registerDefaultAuthenticationProvider(http);
}
} }
/** /**
@ -285,10 +288,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http)); filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
http.addFilter(postProcess(filter)); http.addFilter(postProcess(filter));
super.configure(http); super.configure(http);
if (this.authenticationManager == null) { if (this.authenticationManager != null) {
registerDefaultAuthenticationProvider(http);
}
else {
this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager); this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
} }
} }
@ -361,7 +361,10 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
} }
private void registerDefaultAuthenticationProvider(B http) { private void registerDefaultAuthenticationProvider(B http) {
http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider())); OpenSaml4AuthenticationProvider provider = getBeanOrNull(http, OpenSaml4AuthenticationProvider.class);
if (provider == null) {
http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
}
} }
private void registerDefaultCsrfOverride(B http) { private void registerDefaultCsrfOverride(B http) {

34
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
Unescape View File

@ -50,6 +50,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.Customizer; import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig; import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
@ -68,6 +69,7 @@ import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2Utils; import org.springframework.security.saml2.core.Saml2Utils;
import org.springframework.security.saml2.core.TestSaml2X509Credentials; import org.springframework.security.saml2.core.TestSaml2X509Credentials;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal; import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication; import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException; import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@ -390,6 +392,15 @@ public class Saml2LoginConfigurerTests {
.andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id")); .andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id"));
} }
@Test
public void saml2LoginWhenCustomAuthenticationProviderThenUses() throws Exception {
this.spring.register(CustomAuthenticationProviderConfig.class).autowire();
AuthenticationProvider provider = this.spring.getContext().getBean(AuthenticationProvider.class);
this.mvc.perform(post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE))
.andExpect(status().isFound());
verify(provider).authenticate(any());
}
private void performSaml2Login(String expected) throws IOException, ServletException { private void performSaml2Login(String expected) throws IOException, ServletException {
// setup authentication parameters // setup authentication parameters
this.request.setRequestURI("/login/saml2/sso/registration-id"); this.request.setRequestURI("/login/saml2/sso/registration-id");
@ -700,6 +711,29 @@ public class Saml2LoginConfigurerTests {
} }
@Configuration
@EnableWebSecurity
@EnableWebMvc
@Import(Saml2LoginConfigBeans.class)
static class CustomAuthenticationProviderConfig {
private final OpenSaml4AuthenticationProvider provider = spy(new OpenSaml4AuthenticationProvider());
@Bean
SecurityFilterChain web(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
.saml2Login(Customizer.withDefaults());
return http.build();
}
@Bean
AuthenticationProvider provider() {
return this.provider;
}
}
static class Saml2LoginConfigBeans { static class Saml2LoginConfigBeans {
@Bean @Bean

Write Preview
Loading…
Cancel
Save