Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Read relayState from authenticationRequest

Browse Source 
Closes gh-18243

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
This commit is contained in:
Andrey Litvitski
2026-03-10 21:24:26 +03:00
committed by Josh Cummings
parent ef76ba040d
commit e250236279
2 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java
+2 -1
View File
@@ -35,6 +35,7 @@ import org.springframework.util.Assert;
* that it was for the user trying to log in. Please see the reference for details.
*
* @author Josh Cummings
* @author Andrey Litvitski
* @since 6.5
*/
public final class CacheSaml2AuthenticationRequestRepository
@@ -53,7 +54,7 @@ public final class CacheSaml2AuthenticationRequestRepository
public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest,
HttpServletRequest request, HttpServletResponse response) {
Assert.notNull(authenticationRequest, "authenticationRequest must not be null");
String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE);
String relayState = authenticationRequest.getRelayState();
Assert.notNull(relayState, "relayState must not be null");
this.cache.put(relayState, authenticationRequest);
}
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepositoryTests.java
+9 -7
View File
@@ -42,9 +42,10 @@ class CacheSaml2AuthenticationRequestRepositoryTests {
@Test
void loadAuthenticationRequestWhenCachedThenReturns() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.RELAY_STATE, "test");
Saml2PostAuthenticationRequest authenticationRequest = TestSaml2PostAuthenticationRequests.create();
String relayState = authenticationRequest.getRelayState();
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.RELAY_STATE, relayState);
this.repository.saveAuthenticationRequest(authenticationRequest, request, null);
assertThat(this.repository.loadAuthenticationRequest(request)).isEqualTo(authenticationRequest);
this.repository.removeAuthenticationRequest(request, null);
@@ -77,15 +78,16 @@ class CacheSaml2AuthenticationRequestRepositoryTests {
CacheSaml2AuthenticationRequestRepository repository = new CacheSaml2AuthenticationRequestRepository();
Cache cache = spy(new ConcurrentMapCache("requests"));
repository.setCache(cache);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.RELAY_STATE, "test");
Saml2PostAuthenticationRequest authenticationRequest = TestSaml2PostAuthenticationRequests.create();
String relayState = authenticationRequest.getRelayState();
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.RELAY_STATE, relayState);
repository.saveAuthenticationRequest(authenticationRequest, request, null);
verify(cache).put(eq("test"), any());
verify(cache).put(eq(relayState), any());
repository.loadAuthenticationRequest(request);
verify(cache).get("test", AbstractSaml2AuthenticationRequest.class);
verify(cache).get(relayState, AbstractSaml2AuthenticationRequest.class);
repository.removeAuthenticationRequest(request, null);
verify(cache).evict("test");
verify(cache).evict(relayState);
}
}