Add Switch for Processing GET Requests

Issue gh-17099
2026-05-22 21:33:16 +00:00 · 2025-06-03 13:03:21 -06:00
parent 32c7e8a6ee
commit f73f253beb
3 changed files with 32 additions and 4 deletions
@@ -51,6 +51,8 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo

 	private Saml2AuthenticationRequestRepository<?> authenticationRequests = new HttpSessionSaml2AuthenticationRequestRepository();

+	private boolean shouldConvertGetRequests = true;
+
 	/**
 	 * Constructs a {@link BaseOpenSamlAuthenticationTokenConverter} given a repository
 	 * for {@link RelyingPartyRegistration}s
@@ -172,13 +174,19 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 		this.requestMatcher = requestMatcher;
 	}

+	void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
+		this.shouldConvertGetRequests = shouldConvertGetRequests;
+	}
+
 	private String decode(HttpServletRequest request) {
 		String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
+		boolean isGet = HttpMethod.GET.matches(request.getMethod());
+		if (!this.shouldConvertGetRequests && isGet) {
+			return null;
+		}
+		Saml2Utils.DecodingConfigurer decoding = Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet);
 		try {
-			return Saml2Utils.withEncoded(encoded)
-				.requireBase64(true)
-				.inflate(HttpMethod.GET.matches(request.getMethod()))
-				.decode();
+			return decoding.decode();
 		}
 		catch (Exception ex) {
 			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
@@ -101,4 +101,14 @@ public final class OpenSaml4AuthenticationTokenConverter implements Authenticati
 		this.delegate.setRequestMatcher(requestMatcher);
 	}

+	/**
+	 * Use the given {@code shouldConvertGetRequests} to convert {@code GET} requests.
+	 * Default is {@code true}.
+	 * @param shouldConvertGetRequests the {@code shouldConvertGetRequests} to use
+	 * @since 7.0
+	 */
+	public void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
+		this.delegate.setShouldConvertGetRequests(shouldConvertGetRequests);
+	}
+
 }
@@ -101,4 +101,14 @@ public final class OpenSaml5AuthenticationTokenConverter implements Authenticati
 		this.delegate.setRequestMatcher(requestMatcher);
 	}

+	/**
+	 * Use the given {@code shouldConvertGetRequests} to convert {@code GET} requests.
+	 * Default is {@code true}.
+	 * @param shouldConvertGetRequests the {@code shouldConvertGetRequests} to use
+	 * @since 7.0
+	 */
+	public void setShouldConvertGetRequests(boolean shouldConvertGetRequests) {
+		this.delegate.setShouldConvertGetRequests(shouldConvertGetRequests);
+	}
+
 }