Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 88f886e646 |
+1
-23
@@ -20,26 +20,4 @@ allprojects {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (hasProperty('buildScan')) {
|
||||
buildScan {
|
||||
termsOfServiceUrl = 'https://gradle.com/terms-of-service'
|
||||
termsOfServiceAgree = 'yes'
|
||||
}
|
||||
}
|
||||
|
||||
repositories {
|
||||
mavenCentral()
|
||||
}
|
||||
|
||||
tasks.register('runAllTests') {
|
||||
var allTasks = rootProject.getAllTasks(true)
|
||||
var allTestsTasks = allTasks.values().collect { t ->
|
||||
t.findAll { it.name == 'test' || it.name == 'integrationTest' }
|
||||
}.flatten()
|
||||
it.dependsOn {
|
||||
allTestsTasks
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Vendored
BIN
Binary file not shown.
+1
-1
@@ -1,5 +1,5 @@
|
||||
distributionBase=GRADLE_USER_HOME
|
||||
distributionPath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-7.4-bin.zip
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
|
||||
zipStoreBase=GRADLE_USER_HOME
|
||||
zipStorePath=wrapper/dists
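Review bot: The wrapper properties have no `distributionSha256Sum`, so the archive named by `distributionUrl` is downloaded and unpacked without an integrity check. The hunk header covers lines 1-5 of the file and no such entry appears on either side. Because this commit changes the distribution version and the wrapper jar together, I would pin the archive with `distributionSha256Sum=<SHA-256 of the gradle-X.Y-bin.zip named in distributionUrl>`, taking the value from Gradle's published release checksums. The replaced `gradle-wrapper.jar` appears here only as "Binary file not shown", so it should be compared against the checksum Gradle publishes for that wrapper version before merging.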
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#
|
||||
# Copyright © 2015-2021 the original authors.
|
||||
# Copyright 2015 the original author or authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -17,101 +17,67 @@
|
||||
#
|
||||
|
||||
##############################################################################
|
||||
#
|
||||
# Gradle start up script for POSIX generated by Gradle.
|
||||
#
|
||||
# Important for running:
|
||||
#
|
||||
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
|
||||
# noncompliant, but you have some other compliant shell such as ksh or
|
||||
# bash, then to run this script, type that shell name before the whole
|
||||
# command line, like:
|
||||
#
|
||||
# ksh Gradle
|
||||
#
|
||||
# Busybox and similar reduced shells will NOT work, because this script
|
||||
# requires all of these POSIX shell features:
|
||||
# * functions;
|
||||
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
|
||||
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
|
||||
# * compound commands having a testable exit status, especially «case»;
|
||||
# * various built-in commands including «command», «set», and «ulimit».
|
||||
#
|
||||
# Important for patching:
|
||||
#
|
||||
# (2) This script targets any POSIX shell, so it avoids extensions provided
|
||||
# by Bash, Ksh, etc; in particular arrays are avoided.
|
||||
#
|
||||
# The "traditional" practice of packing multiple parameters into a
|
||||
# space-separated string is a well documented source of bugs and security
|
||||
# problems, so this is (mostly) avoided, by progressively accumulating
|
||||
# options in "$@", and eventually passing that to Java.
|
||||
#
|
||||
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
|
||||
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
|
||||
# see the in-line comments for details.
|
||||
#
|
||||
# There are tweaks for specific operating systems such as AIX, CygWin,
|
||||
# Darwin, MinGW, and NonStop.
|
||||
#
|
||||
# (3) This script is generated from the Groovy template
|
||||
# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
|
||||
# within the Gradle project.
|
||||
#
|
||||
# You can find Gradle at https://github.com/gradle/gradle/.
|
||||
#
|
||||
##
|
||||
## Gradle start up script for UN*X
|
||||
##
|
||||
##############################################################################
|
||||
|
||||
# Attempt to set APP_HOME
|
||||
|
||||
# Resolve links: $0 may be a link
|
||||
app_path=$0
|
||||
|
||||
# Need this for daisy-chained symlinks.
|
||||
while
|
||||
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
|
||||
[ -h "$app_path" ]
|
||||
do
|
||||
ls=$( ls -ld "$app_path" )
|
||||
link=${ls#*' -> '}
|
||||
case $link in #(
|
||||
/*) app_path=$link ;; #(
|
||||
*) app_path=$APP_HOME$link ;;
|
||||
esac
|
||||
PRG="$0"
|
||||
# Need this for relative symlinks.
|
||||
while [ -h "$PRG" ] ; do
|
||||
ls=`ls -ld "$PRG"`
|
||||
link=`expr "$ls" : '.*-> \(.*\)$'`
|
||||
if expr "$link" : '/.*' > /dev/null; then
|
||||
PRG="$link"
|
||||
else
|
||||
PRG=`dirname "$PRG"`"/$link"
|
||||
fi
|
||||
done
|
||||
|
||||
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
|
||||
SAVED="`pwd`"
|
||||
cd "`dirname \"$PRG\"`/" >/dev/null
|
||||
APP_HOME="`pwd -P`"
|
||||
cd "$SAVED" >/dev/null
|
||||
|
||||
APP_NAME="Gradle"
|
||||
APP_BASE_NAME=${0##*/}
|
||||
APP_BASE_NAME=`basename "$0"`
|
||||
|
||||
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
|
||||
|
||||
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
||||
MAX_FD=maximum
|
||||
MAX_FD="maximum"
|
||||
|
||||
warn () {
|
||||
echo "$*"
|
||||
} >&2
|
||||
}
|
||||
|
||||
die () {
|
||||
echo
|
||||
echo "$*"
|
||||
echo
|
||||
exit 1
|
||||
} >&2
|
||||
}
|
||||
|
||||
# OS specific support (must be 'true' or 'false').
|
||||
cygwin=false
|
||||
msys=false
|
||||
darwin=false
|
||||
nonstop=false
|
||||
case "$( uname )" in #(
|
||||
CYGWIN* ) cygwin=true ;; #(
|
||||
Darwin* ) darwin=true ;; #(
|
||||
MSYS* | MINGW* ) msys=true ;; #(
|
||||
NONSTOP* ) nonstop=true ;;
|
||||
case "`uname`" in
|
||||
CYGWIN* )
|
||||
cygwin=true
|
||||
;;
|
||||
Darwin* )
|
||||
darwin=true
|
||||
;;
|
||||
MINGW* )
|
||||
msys=true
|
||||
;;
|
||||
NONSTOP* )
|
||||
nonstop=true
|
||||
;;
|
||||
esac
|
||||
|
||||
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
||||
@@ -121,9 +87,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
||||
if [ -n "$JAVA_HOME" ] ; then
|
||||
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
||||
# IBM's JDK on AIX uses strange locations for the executables
|
||||
JAVACMD=$JAVA_HOME/jre/sh/java
|
||||
JAVACMD="$JAVA_HOME/jre/sh/java"
|
||||
else
|
||||
JAVACMD=$JAVA_HOME/bin/java
|
||||
JAVACMD="$JAVA_HOME/bin/java"
|
||||
fi
|
||||
if [ ! -x "$JAVACMD" ] ; then
|
||||
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
|
||||
@@ -132,7 +98,7 @@ Please set the JAVA_HOME variable in your environment to match the
|
||||
location of your Java installation."
|
||||
fi
|
||||
else
|
||||
JAVACMD=java
|
||||
JAVACMD="java"
|
||||
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
|
||||
Please set the JAVA_HOME variable in your environment to match the
|
||||
@@ -140,95 +106,80 @@ location of your Java installation."
|
||||
fi
|
||||
|
||||
# Increase the maximum file descriptors if we can.
|
||||
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
|
||||
case $MAX_FD in #(
|
||||
max*)
|
||||
MAX_FD=$( ulimit -H -n ) ||
|
||||
warn "Could not query maximum file descriptor limit"
|
||||
esac
|
||||
case $MAX_FD in #(
|
||||
'' | soft) :;; #(
|
||||
*)
|
||||
ulimit -n "$MAX_FD" ||
|
||||
warn "Could not set maximum file descriptor limit to $MAX_FD"
|
||||
esac
|
||||
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
|
||||
MAX_FD_LIMIT=`ulimit -H -n`
|
||||
if [ $? -eq 0 ] ; then
|
||||
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
|
||||
MAX_FD="$MAX_FD_LIMIT"
|
||||
fi
|
||||
ulimit -n $MAX_FD
|
||||
if [ $? -ne 0 ] ; then
|
||||
warn "Could not set maximum file descriptor limit: $MAX_FD"
|
||||
fi
|
||||
else
|
||||
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Collect all arguments for the java command, stacking in reverse order:
|
||||
# * args from the command line
|
||||
# * the main class name
|
||||
# * -classpath
|
||||
# * -D...appname settings
|
||||
# * --module-path (only if needed)
|
||||
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
|
||||
# For Darwin, add options to specify how the application appears in the dock
|
||||
if $darwin; then
|
||||
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
|
||||
fi
|
||||
|
||||
# For Cygwin or MSYS, switch paths to Windows format before running java
|
||||
if "$cygwin" || "$msys" ; then
|
||||
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
|
||||
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
|
||||
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
|
||||
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
|
||||
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
|
||||
|
||||
JAVACMD=`cygpath --unix "$JAVACMD"`
|
||||
|
||||
JAVACMD=$( cygpath --unix "$JAVACMD" )
|
||||
|
||||
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
||||
for arg do
|
||||
if
|
||||
case $arg in #(
|
||||
-*) false ;; # don't mess with options #(
|
||||
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
|
||||
[ -e "$t" ] ;; #(
|
||||
*) false ;;
|
||||
esac
|
||||
then
|
||||
arg=$( cygpath --path --ignore --mixed "$arg" )
|
||||
fi
|
||||
# Roll the args list around exactly as many times as the number of
|
||||
# args, so each arg winds up back in the position where it started, but
|
||||
# possibly modified.
|
||||
#
|
||||
# NB: a `for` loop captures its iteration list before it begins, so
|
||||
# changing the positional parameters here affects neither the number of
|
||||
# iterations, nor the values presented in `arg`.
|
||||
shift # remove old arg
|
||||
set -- "$@" "$arg" # push replacement arg
|
||||
# We build the pattern for arguments to be converted via cygpath
|
||||
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
|
||||
SEP=""
|
||||
for dir in $ROOTDIRSRAW ; do
|
||||
ROOTDIRS="$ROOTDIRS$SEP$dir"
|
||||
SEP="|"
|
||||
done
|
||||
OURCYGPATTERN="(^($ROOTDIRS))"
|
||||
# Add a user-defined pattern to the cygpath arguments
|
||||
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
|
||||
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
|
||||
fi
|
||||
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
||||
i=0
|
||||
for arg in "$@" ; do
|
||||
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
|
||||
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
|
||||
|
||||
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
|
||||
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
|
||||
else
|
||||
eval `echo args$i`="\"$arg\""
|
||||
fi
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
case $i in
|
||||
0) set -- ;;
|
||||
1) set -- "$args0" ;;
|
||||
2) set -- "$args0" "$args1" ;;
|
||||
3) set -- "$args0" "$args1" "$args2" ;;
|
||||
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
|
||||
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
|
||||
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
|
||||
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
|
||||
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
|
||||
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# Collect all arguments for the java command;
|
||||
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
|
||||
# shell script including quotes and variable substitutions, so put them in
|
||||
# double quotes to make sure that they get re-expanded; and
|
||||
# * put everything else in single quotes, so that it's not re-expanded.
|
||||
# Escape application args
|
||||
save () {
|
||||
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
|
||||
echo " "
|
||||
}
|
||||
APP_ARGS=`save "$@"`
|
||||
|
||||
set -- \
|
||||
"-Dorg.gradle.appname=$APP_BASE_NAME" \
|
||||
-classpath "$CLASSPATH" \
|
||||
org.gradle.wrapper.GradleWrapperMain \
|
||||
"$@"
|
||||
|
||||
# Use "xargs" to parse quoted args.
|
||||
#
|
||||
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
|
||||
#
|
||||
# In Bash we could simply go:
|
||||
#
|
||||
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
|
||||
# set -- "${ARGS[@]}" "$@"
|
||||
#
|
||||
# but POSIX shell has neither arrays nor command substitution, so instead we
|
||||
# post-process each arg (as a line of input to sed) to backslash-escape any
|
||||
# character that might be a shell metacharacter, then use eval to reverse
|
||||
# that process (while maintaining the separation between arguments), and wrap
|
||||
# the whole thing up as a single "set" statement.
|
||||
#
|
||||
# This will of course break if any of these variables contains a newline or
|
||||
# an unmatched quote.
|
||||
#
|
||||
|
||||
eval "set -- $(
|
||||
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
|
||||
xargs -n1 |
|
||||
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
|
||||
tr '\n' ' '
|
||||
)" '"$@"'
|
||||
# Collect all arguments for the java command, following the shell quoting and substitution rules
|
||||
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
|
||||
|
||||
exec "$JAVACMD" "$@"
|
||||
|
||||
Vendored
+18
-3
@@ -40,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
|
||||
|
||||
set JAVA_EXE=java.exe
|
||||
%JAVA_EXE% -version >NUL 2>&1
|
||||
if "%ERRORLEVEL%" == "0" goto execute
|
||||
if "%ERRORLEVEL%" == "0" goto init
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
@@ -54,7 +54,7 @@ goto fail
|
||||
set JAVA_HOME=%JAVA_HOME:"=%
|
||||
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
||||
|
||||
if exist "%JAVA_EXE%" goto execute
|
||||
if exist "%JAVA_EXE%" goto init
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
||||
@@ -64,6 +64,21 @@ echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:init
|
||||
@rem Get command-line arguments, handling Windows variants
|
||||
|
||||
if not "%OS%" == "Windows_NT" goto win9xME_args
|
||||
|
||||
:win9xME_args
|
||||
@rem Slurp the command line arguments.
|
||||
set CMD_LINE_ARGS=
|
||||
set _SKIP=2
|
||||
|
||||
:win9xME_args_slurp
|
||||
if "x%~1" == "x" goto execute
|
||||
|
||||
set CMD_LINE_ARGS=%*
|
||||
|
||||
:execute
|
||||
@rem Setup the command line
|
||||
|
||||
@@ -71,7 +86,7 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
||||
|
||||
|
||||
@rem Execute Gradle
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
|
||||
|
||||
:end
|
||||
@rem End local scope for the variables with windows NT shell
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
+1
-1
@@ -20,8 +20,8 @@ import org.junit.jupiter.api.Test;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.rsocket.context.LocalRSocketServerPort;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.rsocket.server.LocalRSocketServerPort;
|
||||
import org.springframework.messaging.rsocket.RSocketRequester;
|
||||
import org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder;
|
||||
import org.springframework.security.rsocket.metadata.UsernamePasswordMetadata;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
+1
-1
@@ -31,7 +31,7 @@ import org.junit.jupiter.api.Test;
|
||||
import reactor.netty.http.client.HttpClient;
|
||||
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.web.server.LocalServerPort;
|
||||
import org.springframework.boot.web.server.LocalServerPort;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.http.client.reactive.ClientHttpConnector;
|
||||
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
+1
-1
@@ -24,7 +24,7 @@ import org.openqa.selenium.WebDriver;
|
||||
import org.openqa.selenium.htmlunit.HtmlUnitDriver;
|
||||
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.web.server.LocalServerPort;
|
||||
import org.springframework.boot.web.server.LocalServerPort;
|
||||
|
||||
/**
|
||||
* Integration tests.
|
||||
|
||||
-2
@@ -17,7 +17,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
@@ -33,7 +32,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebFluxSecurity
|
||||
public class SecurityConfiguration {
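Review bot: The second hunk drops one of the two annotations on `SecurityConfiguration`, and if that is `@Configuration` the class is a configuration class only through whatever `@EnableWebFluxSecurity` is meta-annotated with. The section reports two deletions, one per hunk, but the page has lost the +/- markers, so which line goes is inferred. As far as I know, Spring Security 6 removes `@Configuration` from its `@Enable*` annotations; on such a version the class's `@Bean` definitions may not be registered as intended and the sample would fall back to default security settings without any error. I would keep both lines, `@Configuration` and `@EnableWebFluxSecurity`, along with the `org.springframework.context.annotation.Configuration` import from the first hunk. The same pattern recurs in the later `SecurityConfiguration` sections on this page (the `@EnableWebSecurity` servlet variants and the Kotlin one), and the class body continues outside the hunk.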
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -17,7 +17,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
@@ -31,7 +30,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||
* @author Rob Winch
|
||||
* @since 5.1
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebFluxSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
@@ -31,7 +30,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||
*
|
||||
* @author Rob Winch
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebFluxSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
|
||||
|
||||
plugins {
|
||||
id("org.springframework.boot") version "3.0.0-SNAPSHOT"
|
||||
id("org.springframework.boot") version "3.0.0-M1"
|
||||
id("io.spring.dependency-management") version "1.0.11.RELEASE"
|
||||
kotlin("jvm") version "1.6.0"
|
||||
kotlin("plugin.spring") version "1.6.0"
|
||||
|
||||
-2
@@ -17,7 +17,6 @@
|
||||
package example
|
||||
|
||||
import org.springframework.context.annotation.Bean
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity
|
||||
import org.springframework.security.config.web.server.invoke
|
||||
@@ -26,7 +25,6 @@ import org.springframework.security.core.userdetails.ReactiveUserDetailsService
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain
|
||||
|
||||
@Configuration
|
||||
@EnableWebFluxSecurity
|
||||
class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -25,7 +24,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -25,7 +24,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -25,7 +24,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,14 +16,12 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -18,14 +18,12 @@ package example;
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.JdbcUserDetailsManager;
|
||||
import org.springframework.security.provisioning.UserDetailsManager;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
|
||||
@@ -25,7 +24,6 @@ import org.springframework.security.ldap.authentication.LdapAuthenticationProvid
|
||||
import org.springframework.security.ldap.authentication.LdapAuthenticator;
|
||||
import org.springframework.security.ldap.server.UnboundIdContainer;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -27,7 +26,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ dependencies {
|
||||
implementation "org.springframework.security:spring-security-web"
|
||||
implementation 'jakarta.validation:jakarta.validation-api:2.0.2'
|
||||
implementation 'jakarta.persistence:jakarta.persistence-api:3.0.0'
|
||||
implementation 'org.hibernate.orm:hibernate-core:6.1.1.Final'
|
||||
implementation 'org.hibernate.orm:hibernate-core:6.0.0.Beta2'
|
||||
implementation 'org.hibernate.validator:hibernate-validator:7.0.1.Final'
|
||||
implementation 'org.hsqldb:hsqldb:2.5.1'
|
||||
implementation 'org.springframework.data:spring-data-jpa:3.0.0-SNAPSHOT'
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -27,7 +26,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -27,7 +26,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -16,14 +16,12 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
-2
@@ -17,7 +17,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
@@ -29,7 +28,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S
|
||||
|
||||
=== SAML 2.0 Login
|
||||
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
The following features are implemented in the MVP:
|
||||
|
||||
1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
|
||||
2. Send a SAML 2.0 AuthNRequest to an Identity Provider
|
||||
3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
|
||||
4. Work against the Okta SAML 2.0 IDP reference implementation
|
||||
4. Work against the SimpleSAMLphp reference implementation
|
||||
|
||||
=== SAML 2.0 Single Logout
|
||||
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
|
||||
|
||||
@@ -31,21 +31,20 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa
|
||||
|
||||
== Run the Sample
|
||||
|
||||
=== Start up the Sample Boot Application
|
||||
```
|
||||
./gradlew :spring-security-samples-boot-saml2login:bootRun
|
||||
```
|
||||
=== Start up the application
|
||||
|
||||
You should run the application war in a servlet container like Tomcat
|
||||
|
||||
=== Open a Browser
|
||||
|
||||
http://localhost:8080/
|
||||
|
||||
You will be redirect to the Okta SAML 2.0 IDP
|
||||
You will be redirect to the SimpleSAMLphp IDP
|
||||
|
||||
=== Type in your credentials
|
||||
|
||||
```
|
||||
User: testuser@spring.security.saml
|
||||
Password: 12345678
|
||||
User: user
|
||||
Password: password
|
||||
```
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
plugins {
|
||||
id "java"
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id "org.gretty" version "4.0.0"
|
||||
id "org.gretty" version "3.0.6"
|
||||
id "war"
|
||||
}
|
||||
|
||||
@@ -54,7 +54,7 @@ dependencies {
|
||||
testImplementation "org.springframework:spring-test"
|
||||
testImplementation "org.springframework.security:spring-security-test"
|
||||
testImplementation("org.junit.jupiter:junit-jupiter-api")
|
||||
testImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
testImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
testImplementation 'org.hamcrest:hamcrest:2.2'
|
||||
testImplementation 'org.awaitility:awaitility:4.2.0'
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
gretty {
|
||||
servletContainer = "tomcat10"
|
||||
servletContainer = "tomcat9"
|
||||
contextPath = "/"
|
||||
fileLogEnabled = false
|
||||
integrationTestTask = 'integrationTest'
|
||||
@@ -38,4 +38,4 @@ project.tasks.matching { it.name == "integrationTest" }.all {
|
||||
integrationTest.systemProperty 'app.httpBaseURI', httpBaseUrl
|
||||
integrationTest.systemProperty 'app.httpsBaseURI', httpsBaseUrl
|
||||
}
|
||||
}
|
||||
}
|
||||
+2
-17
@@ -16,8 +16,6 @@
|
||||
|
||||
package example;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
|
||||
@@ -74,7 +72,7 @@ public class Saml2JavaConfigurationITests {
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -83,20 +81,7 @@ public class Saml2JavaConfigurationITests {
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
List<String> urls = new ArrayList<>();
|
||||
urls.add(loginPage.getUrl().getFile());
|
||||
urls.add(((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).getUrl().getFile());
|
||||
assertThat(urls).withFailMessage(() -> {
|
||||
// @formatter:off
|
||||
String builder = loginPage.asXml()
|
||||
+ "\n\n\n"
|
||||
+ "Enclosing Page"
|
||||
+ "\n\n\n"
|
||||
+ ((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).asXml();
|
||||
// @formatter:on
|
||||
return builder;
|
||||
}).contains("/login?logout");
|
||||
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
private void performLogin() throws Exception {
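Review bot: The logout check now asserts only on the page returned by `rpLogoutButton.click()`, via `assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout")`, and the `waitForBackgroundJavaScript(10000)` call that preceded it is gone. If the single-logout round trip completes through a script-submitted form, as the POST binding usually does, `click()` can return an intermediate page and the test fails intermittently with no page dump to diagnose it. I would keep `this.webClient.waitForBackgroundJavaScript(10000);` and also assert on `this.webClient.getCurrentWindow().getEnclosedPage()`, so the test still proves that logout reached `/login?logout`. The test method starts above the hunk, and `Saml2LoginApplicationITests` later on this page carries the same change.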
|
||||
|
||||
-2
@@ -22,7 +22,6 @@ import java.security.interfaces.RSAPrivateKey;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.config.Customizer;
|
||||
@@ -36,7 +35,6 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
plugins {
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
}
|
||||
|
||||
+1
-3
@@ -47,7 +47,6 @@ public class SecurityConfig {
|
||||
// @formatter:off
|
||||
http
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.antMatchers("/favicon.ico").permitAll()
|
||||
.mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager)
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
@@ -63,8 +62,7 @@ public class SecurityConfig {
|
||||
return filter;
|
||||
}
|
||||
})
|
||||
)
|
||||
.securityContext((context) -> context.requireExplicitSave(false));
|
||||
);
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
}
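Review bot: The second hunk removes `.securityContext((context) -> context.requireExplicitSave(false))`, so persistence of the authentication between the first and later factors now rests on the framework default instead of on this configuration. As far as I know that default differs between the 5.x and 6.x lines, and this section does not show which version the sample resolves. For a multi-factor flow I would keep the setting explicit, or at least state the assumption with a comment such as `// relies on the default of requireExplicitSave(false); MFA state must survive between factors`. The filter chain method starts above the first hunk.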
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
plugins {
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
+1
-1
@@ -24,7 +24,7 @@ import org.openqa.selenium.WebDriver;
|
||||
import org.openqa.selenium.htmlunit.HtmlUnitDriver;
|
||||
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.web.server.LocalServerPort;
|
||||
import org.springframework.boot.web.server.LocalServerPort;
|
||||
|
||||
/**
|
||||
* Integration tests.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id 'java'
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id 'java'
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '2.6.4'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
@@ -13,7 +13,7 @@ repositories {
|
||||
|
||||
dependencies {
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web'
|
||||
implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.0.0-M1'
|
||||
implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.0'
|
||||
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
version=6.0.0-SNAPSHOT
|
||||
spring-security.version=6.0.0-SNAPSHOT
|
||||
version=5.7.0-SNAPSHOT
|
||||
spring-security.version=5.7.0-SNAPSHOT
|
||||
|
||||
BIN
Binary file not shown.
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
distributionBase=GRADLE_USER_HOME
|
||||
distributionPath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
|
||||
zipStoreBase=GRADLE_USER_HOME
|
||||
zipStorePath=wrapper/dists
|
||||
-1
@@ -75,7 +75,6 @@ public class OAuth2AuthorizationServerApplicationITests {
|
||||
// @formatter:off
|
||||
this.mockMvc.perform(post("/oauth2/token")
|
||||
.param("grant_type", "client_credentials")
|
||||
.param("scope", "message:read message:write")
|
||||
.with(basicAuth(CLIENT_ID, CLIENT_SECRET)))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.access_token").isString())
|
||||
|
||||
+3
-5
@@ -35,7 +35,7 @@ import org.springframework.context.annotation.Role;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
@@ -47,9 +47,8 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
||||
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@@ -59,7 +58,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
* @author Steve Riesenberg
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class OAuth2AuthorizationServerSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -41,7 +41,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
@@ -329,7 +328,6 @@ public class OAuth2LoginApplicationTests {
|
||||
return response;
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public static class SecurityTestConfig {
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -17,7 +17,6 @@ package example;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
@@ -31,7 +30,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
*
|
||||
* @author Josh Cummings
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class OAuth2ResourceServerSecurityConfiguration {
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -40,7 +40,6 @@ import com.nimbusds.jwt.proc.JWTProcessor;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
@@ -54,7 +53,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||
*
|
||||
* @author Josh Cummings
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class OAuth2ResourceServerSecurityConfiguration {
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '2.6.4'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
version=6.0.0-SNAPSHOT
|
||||
spring-security.version=6.0.0-SNAPSHOT
|
||||
version=5.7.0-SNAPSHOT
|
||||
spring-security.version=5.7.0-SNAPSHOT
|
||||
|
||||
+1
-1
@@ -19,7 +19,7 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -17,7 +17,6 @@ package example;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
@@ -28,7 +27,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
*
|
||||
* @author Josh Cummings
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class OAuth2ResourceServerSecurityConfiguration {
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
|
||||
-2
@@ -16,7 +16,6 @@
|
||||
package example;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@@ -32,7 +31,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||
*
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
||||
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S
|
||||
|
||||
=== SAML 2.0 Login
|
||||
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
The following features are implemented in the MVP:
|
||||
|
||||
1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
|
||||
2. Send a SAML 2.0 AuthNRequest to an Identity Provider
|
||||
3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
|
||||
4. Work against the Okta SAML 2.0 IDP reference implementation
|
||||
4. Work against the SimpleSAMLphp reference implementation
|
||||
|
||||
=== SAML 2.0 Single Logout
|
||||
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
|
||||
|
||||
@@ -33,20 +33,19 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa
|
||||
|
||||
=== Start up the Sample Boot Application
|
||||
```
|
||||
./gradlew :servlet:spring-boot:java:saml2:login-single-tenant:bootRun
|
||||
|
||||
./gradlew :spring-security-samples-boot-saml2login:bootRun
|
||||
```
|
||||
|
||||
=== Open a Browser
|
||||
|
||||
http://localhost:8080/
|
||||
|
||||
You will be redirect to the Okta SAML 2.0 IDP
|
||||
You will be redirect to the SimpleSAMLphp IDP
|
||||
|
||||
=== Type in your credentials
|
||||
|
||||
```
|
||||
User: testuser@spring.security.saml
|
||||
Password: 12345678
|
||||
User: user
|
||||
Password: password
|
||||
```
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
@@ -24,7 +24,7 @@ dependencies {
|
||||
implementation 'org.springframework.security:spring-security-saml2-service-provider'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
|
||||
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.64.0'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
}
|
||||
|
||||
+2
-18
@@ -16,9 +16,6 @@
|
||||
|
||||
package example;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlElement;
|
||||
@@ -56,7 +53,7 @@ public class Saml2LoginApplicationITests {
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -65,20 +62,7 @@ public class Saml2LoginApplicationITests {
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
List<String> urls = new ArrayList<>();
|
||||
urls.add(loginPage.getUrl().getFile());
|
||||
urls.add(((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).getUrl().getFile());
|
||||
assertThat(urls).withFailMessage(() -> {
|
||||
// @formatter:off
|
||||
String builder = loginPage.asXml()
|
||||
+ "\n\n\n"
|
||||
+ "Enclosing Page"
|
||||
+ "\n\n\n"
|
||||
+ ((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).asXml();
|
||||
// @formatter:on
|
||||
return builder;
|
||||
}).contains("/login?logout");
|
||||
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
private void performLogin() throws Exception {
|
||||
|
||||
+5
-2
@@ -35,6 +35,7 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
|
||||
@@ -83,8 +84,10 @@ public class SecurityConfiguration {
|
||||
Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, relyingPartyCertificate());
|
||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||
.registrationId("two").signingX509Credentials((c) -> c.add(signing))
|
||||
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo").build();
|
||||
.registrationId("two")
|
||||
.signingX509Credentials((c) -> c.add(signing))
|
||||
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(two);
|
||||
}
|
||||
|
||||
|
||||
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S
|
||||
|
||||
=== SAML 2.0 Login
|
||||
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
The following features are implemented in the MVP:
|
||||
|
||||
1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
|
||||
2. Send a SAML 2.0 AuthNRequest to an Identity Provider
|
||||
3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
|
||||
4. Work against the Okta SAML 2.0 IDP reference implementation
|
||||
4. Work against the SimpleSAMLphp reference implementation
|
||||
|
||||
=== SAML 2.0 Single Logout
|
||||
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
|
||||
|
||||
@@ -33,19 +33,19 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa
|
||||
|
||||
=== Start up the Sample Boot Application
|
||||
```
|
||||
./gradlew :servlet:spring-boot:java:saml2:login:bootRun
|
||||
./gradlew :spring-security-samples-boot-saml2login:bootRun
|
||||
```
|
||||
|
||||
=== Open a Browser
|
||||
|
||||
http://localhost:8080/
|
||||
|
||||
You will be redirect to the Okta SAML 2.0 IDP
|
||||
You will be redirect to the SimpleSAMLphp IDP
|
||||
|
||||
=== Type in your credentials
|
||||
|
||||
```
|
||||
User: testuser@spring.security.saml
|
||||
Password: 12345678
|
||||
User: user
|
||||
Password: password
|
||||
```
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
@@ -14,9 +14,9 @@ repositories {
|
||||
|
||||
dependencies {
|
||||
constraints {
|
||||
implementation "org.opensaml:opensaml-core:4.2.0"
|
||||
implementation "org.opensaml:opensaml-saml-api:4.2.0"
|
||||
implementation "org.opensaml:opensaml-saml-impl:4.2.0"
|
||||
implementation "org.opensaml:opensaml-core:4.1.1"
|
||||
implementation "org.opensaml:opensaml-saml-api:4.1.1"
|
||||
implementation "org.opensaml:opensaml-saml-impl:4.1.1"
|
||||
}
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
|
||||
@@ -24,9 +24,10 @@ dependencies {
|
||||
implementation 'org.springframework.security:spring-security-saml2-service-provider'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
|
||||
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
testImplementation 'org.awaitility:awaitility:4.2.0'
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
+56
-34
@@ -16,8 +16,7 @@
|
||||
|
||||
package example;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
@@ -28,6 +27,8 @@ import com.gargoylesoftware.htmlunit.html.HtmlPage;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -36,6 +37,7 @@ import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.awaitility.Awaitility.await;
|
||||
|
||||
@SpringBootTest
|
||||
@AutoConfigureMockMvc
|
||||
@@ -52,42 +54,16 @@ public class Saml2LoginApplicationITests {
|
||||
this.webClient.getCookieManager().clearCookies();
|
||||
}
|
||||
|
||||
@Test
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
List<String> urls = new ArrayList<>();
|
||||
urls.add(loginPage.getUrl().getFile());
|
||||
urls.add(((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).getUrl().getFile());
|
||||
assertThat(urls).withFailMessage(() -> {
|
||||
// @formatter:off
|
||||
String builder = loginPage.asXml()
|
||||
+ "\n\n\n"
|
||||
+ "Enclosing Page"
|
||||
+ "\n\n\n"
|
||||
+ ((HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage()).asXml();
|
||||
// @formatter:on
|
||||
return builder;
|
||||
}).contains("/login?logout");
|
||||
}
|
||||
|
||||
private void performLogin() throws Exception {
|
||||
private void performLogin(String registrationId) throws Exception {
|
||||
HtmlPage login = this.webClient.getPage("/");
|
||||
login.getAnchorByHref("/saml2/authenticate/" + registrationId).click();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
HtmlForm form = findForm(login);
|
||||
HtmlPage okta = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
HtmlForm form = findForm(okta);
|
||||
HtmlInput username = form.getInputByName("username");
|
||||
HtmlPasswordInput password = form.getInputByName("password");
|
||||
HtmlSubmitInput submit = login.getHtmlElementById("okta-signin-submit");
|
||||
HtmlSubmitInput submit = okta.getHtmlElementById("okta-signin-submit");
|
||||
username.type("testuser@spring.security.saml");
|
||||
password.type("12345678");
|
||||
submit.click();
|
||||
@@ -95,6 +71,8 @@ public class Saml2LoginApplicationITests {
|
||||
}
|
||||
|
||||
private HtmlForm findForm(HtmlPage login) {
|
||||
await().atMost(10, TimeUnit.SECONDS)
|
||||
.until(() -> login.getForms().stream().map(HtmlForm::getId).anyMatch("form19"::equals));
|
||||
for (HtmlForm form : login.getForms()) {
|
||||
try {
|
||||
if (form.getId().equals("form19")) {
|
||||
@@ -108,4 +86,48 @@ public class Saml2LoginApplicationITests {
|
||||
throw new IllegalStateException("Could not resolve login form");
|
||||
}
|
||||
|
||||
@DisplayName("Tenant one tests")
|
||||
@Nested
|
||||
class TenantOneTests {
|
||||
|
||||
@Test
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin("one");
|
||||
HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
|
||||
performLogin("one");
|
||||
HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@DisplayName("Tenant two tests")
|
||||
@Nested
|
||||
class TenantTwoTests {
|
||||
|
||||
@Test
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin("two");
|
||||
HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
|
||||
performLogin("two");
|
||||
HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
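Review bot: In the new `TenantOneTests` and `TenantTwoTests` logout tests, `assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout")` runs on the page returned by `rpLogoutButton.click()` with no wait, whereas the version it replaces called `waitForBackgroundJavaScript(10000)` and also checked the window's enclosed page. If the logout round trip to the asserting party is completed by script-submitted forms (the README on this page says the sample uses the HTTP-POST binding), the returned page may still be an intermediate one and the result becomes timing-dependent. I would keep `Saml2LoginApplicationITests.this.webClient.waitForBackgroundJavaScript(10000);` after the click and assert on `getCurrentWindow().getEnclosedPage()` instead. The two nested classes differ only in the registration id, so a single `@ParameterizedTest` over `"one"` and `"two"` would remove the duplication.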
+104
@@ -0,0 +1,104 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
|
||||
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;
|
||||
|
||||
@Bean
|
||||
SecurityFilterChain app(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(Customizer.withDefaults())
|
||||
.saml2Logout(Customizer.withDefaults());
|
||||
// @formatter:on
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
RelyingPartyRegistrationResolver relyingPartyRegistrationResolver(
|
||||
RelyingPartyRegistrationRepository registrations) {
|
||||
return new DefaultRelyingPartyRegistrationResolver(registrations);
|
||||
}
|
||||
|
||||
@Bean
|
||||
FilterRegistrationBean<Saml2MetadataFilter> metadata(RelyingPartyRegistrationResolver registrations) {
|
||||
Saml2MetadataFilter metadata = new Saml2MetadataFilter(registrations, new OpenSamlMetadataResolver());
|
||||
FilterRegistrationBean<Saml2MetadataFilter> filter = new FilterRegistrationBean<>(metadata);
|
||||
filter.setOrder(-101);
|
||||
return filter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
RelyingPartyRegistrationRepository repository() {
|
||||
RelyingPartyRegistration one = addRelyingPartyDetails(RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
|
||||
.registrationId("one")).build();
|
||||
RelyingPartyRegistration two = addRelyingPartyDetails(RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||
.registrationId("two")).build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(one, two);
|
||||
}
|
||||
|
||||
RelyingPartyRegistration.Builder addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
|
||||
Saml2X509Credential signing = Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate());
|
||||
return builder
|
||||
.signingX509Credentials((c) -> c.add(signing))
|
||||
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");
|
||||
}
|
||||
|
||||
X509Certificate relyingPartyCertificate() {
|
||||
Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
|
||||
try (InputStream is = resource.getInputStream()) {
|
||||
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
throw new UnsupportedOperationException(ex);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
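Review bot: `addRelyingPartyDetails` hard-codes the single logout endpoint as `http://localhost:8080/logout/saml2/slo`, so the location given to the asserting party is wrong as soon as the sample runs on another host or port, or behind TLS. The YAML configuration shown elsewhere on this page used the `{baseUrl}` template for the same setting, so I would write `.singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo");` here. Separately, `relyingPartyCertificate()` wraps every failure in `UnsupportedOperationException`, which misdescribes a missing or unparsable certificate; `throw new IllegalStateException("Could not load credentials/rp-certificate.crt", ex);` says what went wrong. The class would also benefit from a short Javadoc stating that both registrations load their metadata from a remote URL when the `repository()` bean is created and that they share one signing credential.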
@@ -1,16 +1,2 @@
|
||||
logging.level:
|
||||
org.springframework.security: TRACE
|
||||
|
||||
spring:
|
||||
security:
|
||||
saml2:
|
||||
relyingparty:
|
||||
registration:
|
||||
one:
|
||||
signing.credentials:
|
||||
- private-key-location: classpath:credentials/rp-private.key
|
||||
certificate-location: classpath:credentials/rp-certificate.crt
|
||||
singlelogout:
|
||||
binding: POST
|
||||
url: "{baseUrl}/logout/saml2/slo"
|
||||
assertingparty.metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata
|
||||
|
||||
+24
@@ -0,0 +1,24 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
|
||||
VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD
|
||||
VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX
|
||||
c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw
|
||||
aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ
|
||||
BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa
|
||||
BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD
|
||||
DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr
|
||||
QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62
|
||||
E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz
|
||||
2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW
|
||||
RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ
|
||||
nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5
|
||||
cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph
|
||||
iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5
|
||||
ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO
|
||||
nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v
|
||||
ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu
|
||||
xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z
|
||||
V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3
|
||||
lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,4 +1,4 @@
|
||||
= SAML 2.0 Refreshable Metadata
|
||||
= SAML 2.0 Login & Logout Sample
|
||||
|
||||
This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
|
||||
It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.
|
||||
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S
|
||||
|
||||
=== SAML 2.0 Login
|
||||
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
The following features are implemented in the MVP:
|
||||
|
||||
1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
|
||||
2. Send a SAML 2.0 AuthNRequest to an Identity Provider
|
||||
3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
|
||||
4. Work against the Okta SAML 2.0 IDP reference implementation
|
||||
4. Work against the SimpleSAMLphp reference implementation
|
||||
|
||||
=== SAML 2.0 Single Logout
|
||||
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
||||
`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
|
||||
|
||||
On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
|
||||
|
||||
@@ -45,14 +45,12 @@ This particular implementation uses a `@Scheduled` annotation to update its meta
|
||||
|
||||
http://localhost:8080/
|
||||
|
||||
You will be redirect to the Okta SAML 2.0 IDP
|
||||
You will be redirect to the SimpleSAMLphp IDP
|
||||
|
||||
=== Type in your credentials
|
||||
|
||||
```
|
||||
User: testuser@spring.security.saml
|
||||
Password: 12345678
|
||||
User: user
|
||||
Password: password
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'org.springframework.boot' version '3.0.0-SNAPSHOT'
|
||||
id 'org.springframework.boot' version '3.0.0-M1'
|
||||
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id 'java'
|
||||
@@ -24,7 +24,7 @@ dependencies {
|
||||
implementation 'org.springframework.security:spring-security-saml2-service-provider'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
|
||||
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.64.0'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
}
|
||||
|
||||
+1
-1
@@ -52,7 +52,7 @@ public class Saml2LoginApplicationITests {
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
private void performLogin() throws Exception {
|
||||
|
||||
+1
-1
@@ -68,7 +68,7 @@ public class RefreshableRelyingPartyRegistrationRepository
|
||||
|
||||
private void fetchMetadata(String registrationId, Saml2RelyingPartyProperties.Registration registration) {
|
||||
RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
|
||||
.fromMetadataLocation(registration.getAssertingparty().getMetadataUri())
|
||||
.fromMetadataLocation(registration.getIdentityprovider().getMetadataUri())
|
||||
.signingX509Credentials((credentials) -> registration.getSigning().getCredentials().stream()
|
||||
.map(this::asSigningCredential).forEach(credentials::add))
|
||||
.registrationId(registrationId).build();
|
||||
|
||||
+1
-1
@@ -7,7 +7,7 @@ spring:
|
||||
signing.credentials:
|
||||
- private-key-location: classpath:credentials/rp-private.key
|
||||
certificate-location: classpath:credentials/rp-certificate.crt
|
||||
assertingparty:
|
||||
identityprovider:
|
||||
metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata
|
||||
|
||||
logging.level:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
|
||||
|
||||
plugins {
|
||||
id("org.springframework.boot") version "3.0.0-SNAPSHOT"
|
||||
id("org.springframework.boot") version "3.0.0-M1"
|
||||
id("io.spring.dependency-management") version "1.0.11.RELEASE"
|
||||
kotlin("jvm") version "1.6.0"
|
||||
kotlin("plugin.spring") version "1.6.0"
|
||||
|
||||
-2
@@ -17,7 +17,6 @@
|
||||
package org.springframework.security.samples.config
|
||||
|
||||
import org.springframework.context.annotation.Bean
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.core.userdetails.User
|
||||
@@ -28,7 +27,6 @@ import org.springframework.security.web.SecurityFilterChain
|
||||
/**
|
||||
* @author Eleftheria Stein
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
|
||||
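Review bot: The two lines this section removes appear to be the `Configuration` import and the `@Configuration` annotation on `SecurityConfig`, leaving only `@EnableWebSecurity` on the class. The page has lost the `+`/`-` markers, so this is read from the hunk counts. The new code relies on `@EnableWebSecurity` being meta-annotated with `@Configuration`, which is not the case in every Spring Security release. Where it is not, the `@Bean` methods in this class may not be processed unless the class is registered some other way. I would keep `@Configuration` next to `@EnableWebSecurity`, which is harmless on versions that already imply it; the class body lies outside this hunk, so what it declares cannot be checked from here.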
@@ -46,7 +46,7 @@ dependencies {
|
||||
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:3.64.0"
|
||||
integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
# Properties file with server URL settings for remote access.
|
||||
# Applied by PropertyPlaceholderConfigurer from "clientContext.xml".
|
||||
#
|
||||
|
||||
serverName=localhost
|
||||
httpPort=8080
|
||||
contextPath=/spring-security-sample-contacts-filter
|
||||
rmiPort=1099
|
||||
@@ -0,0 +1,73 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "https://www.springframework.org/dtd/spring-beans.dtd">
|
||||
|
||||
<!--
|
||||
- Contacts web application
|
||||
- Client application context
|
||||
-->
|
||||
|
||||
<beans>
|
||||
|
||||
<!-- Resolves ${...} placeholders from client.properties -->
|
||||
<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
||||
<property name="location"><value>client.properties</value></property>
|
||||
</bean>
|
||||
|
||||
<!-- Proxy for the RMI-exported ContactManager -->
|
||||
<!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
|
||||
<bean id="rmiProxy" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
|
||||
<property name="serviceInterface">
|
||||
<value>sample.contact.ContactManager</value>
|
||||
</property>
|
||||
<property name="serviceUrl">
|
||||
<value>rmi://${serverName}:${rmiPort}/contactManager</value>
|
||||
</property>
|
||||
<property name="remoteInvocationFactory">
|
||||
<ref bean="remoteInvocationFactory"/>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="remoteInvocationFactory" class="org.springframework.security.ui.rmi.ContextPropagatingRemoteInvocationFactory"/>
|
||||
-->
|
||||
|
||||
<!-- Proxy for the HTTP-invoker-exported ContactManager -->
|
||||
<!-- Spring's HTTP invoker uses Java serialization via HTTP -->
|
||||
<bean id="httpInvokerProxy" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
|
||||
<property name="serviceInterface">
|
||||
<value>sample.contact.ContactManager</value>
|
||||
</property>
|
||||
<property name="serviceUrl">
|
||||
<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-httpinvoker</value>
|
||||
</property>
|
||||
<property name="httpInvokerRequestExecutor">
|
||||
<ref bean="httpInvokerRequestExecutor"/>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- Automatically propagates ContextHolder-managed Authentication principal
|
||||
and credentials to a HTTP invoker BASIC authentication header -->
|
||||
<bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
|
||||
|
||||
<!-- Proxy for the Hessian-exported ContactManager
|
||||
<bean id="hessianProxy" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
|
||||
<property name="serviceInterface">
|
||||
<value>sample.contact.ContactManager</value>
|
||||
</property>
|
||||
<property name="serviceUrl">
|
||||
<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-hessian</value>
|
||||
</property>
|
||||
</bean>
|
||||
-->
|
||||
|
||||
<!-- Proxy for the Burlap-exported ContactManager
|
||||
<bean id="burlapProxy" class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
|
||||
<property name="serviceInterface">
|
||||
<value>sample.contact.ContactManager</value>
|
||||
</property>
|
||||
<property name="serviceUrl">
|
||||
<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-burlap</value>
|
||||
</property>
|
||||
</bean>
|
||||
-->
|
||||
|
||||
</beans>
|
||||
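Review bot: The `httpInvokerProxy` service URL is built with a fixed `http://` scheme, while the comment on `httpInvokerRequestExecutor` says that bean copies the principal and credentials into a BASIC authentication header. With this configuration those credentials travel unencrypted whenever `serverName` is not the local host. I would make the scheme configurable and use TLS outside local development, e.g. `<value>${scheme}://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-httpinvoker</value>` with a matching `scheme` entry in `client.properties` (property name constructed for this note). The existing comment already says HTTP invoker uses Java serialization; it is worth adding there that the client deserializes whatever the endpoint returns, so the proxy should only be pointed at a trusted server.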
Some files were not shown because too many files have changed in this diff Show More