From 356131b1ea6eede0c5306affab654f83a50d6bc9 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Wed, 29 Apr 2026 14:12:56 -0600 Subject: [PATCH] Use FormPostRedirectStrategy Closes gh-16673 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- ...aml2WebSsoAuthenticationRequestFilter.java | 59 +++-------------- .../logout/Saml2LogoutRequestFilter.java | 65 +++++------------- ...ingPartyInitiatedLogoutSuccessHandler.java | 66 +++++-------------- ...ebSsoAuthenticationRequestFilterTests.java | 8 +-- .../logout/Saml2LogoutRequestFilterTests.java | 4 +- ...rtyInitiatedLogoutSuccessHandlerTests.java | 4 +- 6 files changed, 49 insertions(+), 157 deletions(-) diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java index 591040b410..93c7df405b 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java @@ -24,17 +24,17 @@ import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import org.springframework.http.MediaType; import org.springframework.security.saml2.core.Saml2ParameterNames; import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver; +import org.springframework.security.web.FormPostRedirectStrategy; +import org.springframework.security.web.RedirectStrategy; import org.springframework.util.Assert; import org.springframework.util.StringUtils; import org.springframework.web.filter.OncePerRequestFilter; -import org.springframework.web.util.HtmlUtils; import org.springframework.web.util.UriComponentsBuilder; import org.springframework.web.util.UriUtils; @@ -67,6 +67,8 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter private Saml2AuthenticationRequestRepository authenticationRequestRepository = new HttpSessionSaml2AuthenticationRequestRepository(); + private final RedirectStrategy formPostRedirectStrategy = new FormPostRedirectStrategy(); + /** * Construct a {@link Saml2WebSsoAuthenticationRequestFilter} with the strategy for * resolving the {@code AuthnRequest} @@ -132,54 +134,11 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter private void sendPost(HttpServletRequest request, HttpServletResponse response, Saml2PostAuthenticationRequest authenticationRequest) throws IOException { this.authenticationRequestRepository.saveAuthenticationRequest(authenticationRequest, request, response); - String html = createSamlPostRequestFormData(authenticationRequest); - response.setContentType(MediaType.TEXT_HTML_VALUE); - response.getWriter().write(html); - } - - private String createSamlPostRequestFormData(Saml2PostAuthenticationRequest authenticationRequest) { - String authenticationRequestUri = authenticationRequest.getAuthenticationRequestUri(); - String relayState = authenticationRequest.getRelayState(); - String samlRequest = authenticationRequest.getSamlRequest(); - StringBuilder html = new StringBuilder(); - html.append("\n"); - html.append("\n").append(" \n"); - html.append("