Compare commits
54 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f226490be3 | |||
| f84c4ea583 | |||
| 2c9dc08e43 | |||
| 5a7f12f1a9 | |||
| 8d6ede27d1 | |||
| 747b806d37 | |||
| 3b355a0278 | |||
| 82e3061120 | |||
| a6d362fa18 | |||
| dcfee957b5 | |||
| 37984c2e11 | |||
| d17a533e86 | |||
| b3a43d6154 | |||
| 712595b3a3 | |||
| a87fc4ea8a | |||
| 85d7e9ab55 | |||
| e7bff4240a | |||
| 9794952153 | |||
| 4b30acd1e0 | |||
| 4e6b8e4d29 | |||
| e550c48180 | |||
| 6d5f87e631 | |||
| 2202632cad | |||
| a3c06d98ca | |||
| 8fe0303bad | |||
| 8f42c86a57 | |||
| a4a4c813d4 | |||
| 5dae6da15a | |||
| 6955c7aaea | |||
| 0ab9ad774d | |||
| e1c4177cd8 | |||
| 7f34ef7951 | |||
| c2e97d7661 | |||
| 7e9f421a77 | |||
| ddd5d2e9cd | |||
| b20d05724f | |||
| 27cd9fa86c | |||
| 94a66f7a26 | |||
| 7f106f0419 | |||
| 5f80468de3 | |||
| 2f762fefe1 | |||
| 2fdd541ea5 | |||
| 45c37c4454 | |||
| 89246998c4 | |||
| e8c93fdc98 | |||
| 008296cce2 | |||
| 238bc9733a | |||
| d80fade8b1 | |||
| 0c70f358d5 | |||
| 748c723bba | |||
| 2bd2aa9a75 | |||
| 7d38686e09 | |||
| 8b9beb0e1f | |||
| dd5bfc0b31 |
@@ -1,13 +1,52 @@
|
||||
name: Merge Dependabot PR
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
on: pull_request_target
|
||||
|
||||
run-name: Merge Dependabot PR ${{ github.ref_name }}
|
||||
|
||||
permissions: write-all
|
||||
|
||||
jobs:
|
||||
merge-dependabot-pr:
|
||||
permissions: write-all
|
||||
uses: spring-io/spring-github-workflows/.github/workflows/spring-merge-dependabot-pr.yml@1e8b0587a1f4f01697f9753fa3339c3e0d30f396
|
||||
with:
|
||||
mergeArguments: '--auto --rebase'
|
||||
runs-on: ubuntu-latest
|
||||
if: github.actor == 'dependabot[bot]'
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
show-progress: false
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
|
||||
- uses: actions/setup-java@v4
|
||||
with:
|
||||
distribution: temurin
|
||||
java-version: 17
|
||||
|
||||
- name: Set Milestone to Dependabot Pull Request
|
||||
id: set-milestone
|
||||
run: |
|
||||
if test -f pom.xml
|
||||
then
|
||||
CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout)
|
||||
else
|
||||
CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }')
|
||||
fi
|
||||
export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}
|
||||
MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title')
|
||||
|
||||
if [ -z $MILESTONE ]
|
||||
then
|
||||
gh run cancel ${{ github.run_id }}
|
||||
echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version"
|
||||
else
|
||||
gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE
|
||||
echo mergeEnabled=true >> $GITHUB_OUTPUT
|
||||
fi
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Merge Dependabot pull request
|
||||
if: steps.set-milestone.outputs.mergeEnabled
|
||||
run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
|
||||
|
||||
@@ -106,5 +106,6 @@ tasks.register('cloneRepository', IncludeRepoTask) {
|
||||
}
|
||||
|
||||
s101 {
|
||||
repository = 'https://structure101.com/binaries/latest'
|
||||
configurationDirectory = project.file("etc/s101")
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -17,7 +17,6 @@
|
||||
package s101;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
@@ -34,18 +33,11 @@ import java.util.HashMap;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
import java.util.jar.JarEntry;
|
||||
import java.util.jar.JarInputStream;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipInputStream;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlAnchor;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPage;
|
||||
import com.github.mustachejava.DefaultMustacheFactory;
|
||||
import com.github.mustachejava.Mustache;
|
||||
import com.github.mustachejava.MustacheFactory;
|
||||
@@ -71,6 +63,10 @@ public class S101Configurer {
|
||||
|
||||
private final Path licenseDirectory;
|
||||
|
||||
private final String repository;
|
||||
|
||||
private final String version;
|
||||
|
||||
private final Project project;
|
||||
private final Logger logger;
|
||||
|
||||
@@ -90,6 +86,9 @@ public class S101Configurer {
|
||||
throw new UncheckedIOException(ex);
|
||||
}
|
||||
this.licenseDirectory = new File(System.getProperty("user.home") + "/.Structure101/java").toPath();
|
||||
S101PluginExtension extension = project.getExtensions().getByType(S101PluginExtension.class);
|
||||
this.repository = extension.getRepository().get();
|
||||
this.version = extension.getVersion().get();
|
||||
}
|
||||
|
||||
public void license(String licenseId) {
|
||||
@@ -129,25 +128,7 @@ public class S101Configurer {
|
||||
|
||||
public void configure(File installationDirectory, File configurationDirectory) {
|
||||
deleteDirectory(configurationDirectory);
|
||||
String version = computeVersionFromInstallation(installationDirectory);
|
||||
configureProject(version, configurationDirectory);
|
||||
}
|
||||
|
||||
private String computeVersionFromInstallation(File installationDirectory) {
|
||||
File buildJar = new File(installationDirectory, "structure101-java-build.jar");
|
||||
try (JarInputStream input = new JarInputStream(new FileInputStream(buildJar))) {
|
||||
JarEntry entry;
|
||||
while ((entry = input.getNextJarEntry()) != null) {
|
||||
if (entry.getName().contains("structure101-build.properties")) {
|
||||
Properties properties = new Properties();
|
||||
properties.load(input);
|
||||
return properties.getProperty("s101-build");
|
||||
}
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
throw new IllegalStateException("Unable to determine Structure101 version");
|
||||
configureProject(this.version, configurationDirectory);
|
||||
}
|
||||
|
||||
private boolean deleteDirectory(File directoryToBeDeleted) {
|
||||
@@ -161,24 +142,8 @@ public class S101Configurer {
|
||||
}
|
||||
|
||||
private String installBuildTool(File installationDirectory, File configurationDirectory) {
|
||||
String source = "https://structure101.com/binaries/v6";
|
||||
try (final WebClient webClient = new WebClient()) {
|
||||
HtmlPage page = webClient.getPage(source);
|
||||
Matcher matcher = null;
|
||||
for (HtmlAnchor anchor : page.getAnchors()) {
|
||||
Matcher candidate = Pattern.compile("(structure101-build-java-all-)(.*).zip").matcher(anchor.getHrefAttribute());
|
||||
if (candidate.find()) {
|
||||
matcher = candidate;
|
||||
}
|
||||
}
|
||||
if (matcher == null) {
|
||||
return null;
|
||||
}
|
||||
copyZipToFilesystem(source, installationDirectory, matcher.group(1) + matcher.group(2));
|
||||
return matcher.group(2);
|
||||
} catch (Exception ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
copyZipToFilesystem(this.repository, installationDirectory, "structure101-build-java-all-" + this.version);
|
||||
return this.version;
|
||||
}
|
||||
|
||||
private void copyZipToFilesystem(String source, File destination, String name) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -17,7 +17,12 @@
|
||||
package s101;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlAnchor;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPage;
|
||||
import org.gradle.api.Project;
|
||||
import org.gradle.api.provider.Property;
|
||||
import org.gradle.api.tasks.Input;
|
||||
@@ -25,6 +30,11 @@ import org.gradle.api.tasks.InputDirectory;
|
||||
|
||||
public class S101PluginExtension {
|
||||
private final Property<String> licenseId;
|
||||
|
||||
private final Property<String> repository;
|
||||
|
||||
private final Property<String> version;
|
||||
|
||||
private final Property<File> installationDirectory;
|
||||
private final Property<File> configurationDirectory;
|
||||
private final Property<String> label;
|
||||
@@ -65,6 +75,24 @@ public class S101PluginExtension {
|
||||
this.label.set(label);
|
||||
}
|
||||
|
||||
@Input
|
||||
public Property<String> getRepository() {
|
||||
return repository;
|
||||
}
|
||||
|
||||
public void setRepository(String repository) {
|
||||
this.repository.set(repository);
|
||||
}
|
||||
|
||||
@Input
|
||||
public Property<String> getVersion() {
|
||||
return this.version;
|
||||
}
|
||||
|
||||
public void setVersion(String version) {
|
||||
this.version.set(version);
|
||||
}
|
||||
|
||||
public S101PluginExtension(Project project) {
|
||||
this.licenseId = project.getObjects().property(String.class);
|
||||
if (project.hasProperty("s101.licenseId")) {
|
||||
@@ -78,5 +106,31 @@ public class S101PluginExtension {
|
||||
if (project.hasProperty("s101.label")) {
|
||||
setLabel((String) project.findProperty("s101.label"));
|
||||
}
|
||||
this.repository = project.getObjects().property(String.class);
|
||||
if (project.hasProperty("s101.repository")) {
|
||||
setRepository((String) project.findProperty("s101.repository"));
|
||||
} else {
|
||||
setRepository("https://structure101.com/binaries/v6");
|
||||
}
|
||||
this.version = project.getObjects().property(String.class);
|
||||
if (project.hasProperty("s101.version")) {
|
||||
setVersion((String) project.findProperty("s101.version"));
|
||||
} else {
|
||||
try (final WebClient webClient = new WebClient()) {
|
||||
HtmlPage page = webClient.getPage(getRepository().get());
|
||||
Matcher matcher = null;
|
||||
for (HtmlAnchor anchor : page.getAnchors()) {
|
||||
Matcher candidate = Pattern.compile("(structure101-build-java-all-)(.*).zip").matcher(anchor.getHrefAttribute());
|
||||
if (candidate.find()) {
|
||||
matcher = candidate;
|
||||
}
|
||||
}
|
||||
if (matcher != null) {
|
||||
setVersion(matcher.group(2));
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
-1
@@ -31,7 +31,6 @@ import org.springframework.security.authentication.AccountStatusUserDetailsCheck
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.cas.ServiceProperties;
|
||||
import org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
|
||||
+41
@@ -0,0 +1,41 @@
|
||||
/*
|
||||
* Copyright 2011-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.cas.authentication;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
import org.springframework.security.cas.ServiceProperties;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
* In order for the {@link CasAuthenticationProvider} to provide the correct service url
|
||||
* to authenticate the ticket, the returned value of {@link Authentication#getDetails()}
|
||||
* should implement this interface when tickets can be sent to any URL rather than only
|
||||
* {@link ServiceProperties#getService()}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @see org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
|
||||
*/
|
||||
public interface ServiceAuthenticationDetails extends Serializable {
|
||||
|
||||
/**
|
||||
* Gets the absolute service url (i.e. https://example.com/service/).
|
||||
* @return the service url. Cannot be <code>null</code>.
|
||||
*/
|
||||
String getServiceUrl();
|
||||
|
||||
}
|
||||
+11
-9
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2023 the original author or authors.
|
||||
* Copyright 2011-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -16,22 +16,24 @@
|
||||
|
||||
package org.springframework.security.cas.web.authentication;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
import org.springframework.security.cas.ServiceProperties;
|
||||
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
* In order for the {@link CasAuthenticationProvider} to provide the correct service url
|
||||
* to authenticate the ticket, the returned value of {@link Authentication#getDetails()}
|
||||
* should implement this interface when tickets can be sent to any URL rather than only
|
||||
* {@link ServiceProperties#getService()}.
|
||||
* In order for the
|
||||
* {@link org.springframework.security.cas.authentication.CasAuthenticationProvider} to
|
||||
* provide the correct service url to authenticate the ticket, the returned value of
|
||||
* {@link Authentication#getDetails()} should implement this interface when tickets can be
|
||||
* sent to any URL rather than only {@link ServiceProperties#getService()}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @see ServiceAuthenticationDetailsSource
|
||||
* @deprecated Please use
|
||||
* org.springframework.security.cas.authentication.ServiceAuthenticationDetails
|
||||
*/
|
||||
public interface ServiceAuthenticationDetails extends Serializable {
|
||||
@Deprecated
|
||||
public interface ServiceAuthenticationDetails
|
||||
extends org.springframework.security.cas.authentication.ServiceAuthenticationDetails {
|
||||
|
||||
/**
|
||||
* Gets the absolute service url (i.e. https://example.com/service/).
|
||||
|
||||
+1
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2023 the original author or authors.
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -335,7 +335,6 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
LogoutFilter result = new LogoutFilter(getLogoutSuccessHandler(), handlers);
|
||||
result.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
result.setLogoutRequestMatcher(getLogoutRequestMatcher(http));
|
||||
result.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
result = postProcess(result);
|
||||
return result;
|
||||
}
|
||||
|
||||
+1
-1
@@ -23,11 +23,11 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
|
||||
import org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver;
|
||||
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
|
||||
import org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@@ -61,8 +61,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
|
||||
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
private boolean isFullyAuthenticated(Authentication authentication) {
|
||||
return (!this.authenticationTrustResolver.isAnonymous(authentication)
|
||||
&& !this.authenticationTrustResolver.isRememberMe(authentication));
|
||||
return this.authenticationTrustResolver.isFullyAuthenticated(authentication);
|
||||
}
|
||||
|
||||
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
|
||||
|
||||
+2
-2
@@ -93,7 +93,7 @@ public final class AuthorizationManagerAfterMethodInterceptor
|
||||
PostAuthorizeAuthorizationManager authorizationManager) {
|
||||
AuthorizationManagerAfterMethodInterceptor interceptor = new AuthorizationManagerAfterMethodInterceptor(
|
||||
AuthorizationMethodPointcuts.forAnnotations(PostAuthorize.class), authorizationManager);
|
||||
interceptor.setOrder(500);
|
||||
interceptor.setOrder(AuthorizationInterceptorsOrder.POST_AUTHORIZE.getOrder());
|
||||
return interceptor;
|
||||
}
|
||||
|
||||
@@ -107,7 +107,7 @@ public final class AuthorizationManagerAfterMethodInterceptor
|
||||
AuthorizationManager<MethodInvocationResult> authorizationManager) {
|
||||
AuthorizationManagerAfterMethodInterceptor interceptor = new AuthorizationManagerAfterMethodInterceptor(
|
||||
AuthorizationMethodPointcuts.forAnnotations(PostAuthorize.class), authorizationManager);
|
||||
interceptor.setOrder(500);
|
||||
interceptor.setOrder(AuthorizationInterceptorsOrder.POST_AUTHORIZE.getOrder());
|
||||
return interceptor;
|
||||
}
|
||||
|
||||
|
||||
+3
@@ -59,6 +59,7 @@ public class AuthenticatedVoterTests {
|
||||
assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createAnonymous(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -68,6 +69,7 @@ public class AuthenticatedVoterTests {
|
||||
assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createRememberMe(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -77,6 +79,7 @@ public class AuthenticatedVoterTests {
|
||||
assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
|
||||
assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -20,7 +20,7 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
|
||||
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
|
||||
new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
|
||||
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
|
||||
);
|
||||
|
||||
http
|
||||
@@ -38,7 +38,7 @@ Kotlin::
|
||||
@Bean
|
||||
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
|
||||
val customLogoutHandler = DelegatingServerLogoutHandler(
|
||||
WebSessionServerLogoutHandler(), SecurityContextServerLogoutHandler()
|
||||
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
|
||||
)
|
||||
|
||||
return http {
|
||||
|
||||
@@ -38,7 +38,7 @@ public class MyApplication {
|
||||
|
||||
@Bean
|
||||
ObservationRegistryCustomizer<ObservationRegistry> addTextHandler() {
|
||||
return (registry) -> registry.observationConfig().observationHandler(new ObservationTextHandler());
|
||||
return (registry) -> registry.observationConfig().observationHandler(new ObservationTextPublisher());
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
@@ -67,7 +67,7 @@ class MyApplication {
|
||||
@Bean
|
||||
fun addTextHandler(): ObservationRegistryCustomizer<ObservationRegistry> {
|
||||
return registry: ObservationRegistry -> registry.observationConfig()
|
||||
.observationHandler(ObservationTextHandler());
|
||||
.observationHandler(ObservationTextPublisher());
|
||||
}
|
||||
|
||||
fun main(args: Array<String>) {
|
||||
@@ -129,7 +129,7 @@ public class MyApplication {
|
||||
@Bean
|
||||
ObservationRegistry<ObservationRegistry> observationRegistry() {
|
||||
ObservationRegistry registry = ObservationRegistry.create();
|
||||
registry.observationConfig().observationHandler(new ObservationTextHandler());
|
||||
registry.observationConfig().observationHandler(new ObservationTextPublisher());
|
||||
return registry;
|
||||
}
|
||||
|
||||
@@ -159,7 +159,7 @@ class MyApplication {
|
||||
@Bean
|
||||
fun observationRegistry(): ObservationRegistry<ObservationRegistry> {
|
||||
ObservationRegistry registry = ObservationRegistry.create()
|
||||
registry.observationConfig().observationHandler(ObservationTextHandler())
|
||||
registry.observationConfig().observationHandler(ObservationTextPublisher())
|
||||
return registry
|
||||
}
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ public class MyApplication {
|
||||
|
||||
@Bean
|
||||
ObservationRegistryCustomizer<ObservationRegistry> addTextHandler() {
|
||||
return (registry) -> registry.observationConfig().observationHandler(new ObservationTextHandler());
|
||||
return (registry) -> registry.observationConfig().observationHandler(new ObservationTextPublisher());
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
@@ -67,7 +67,7 @@ class MyApplication {
|
||||
@Bean
|
||||
fun addTextHandler(): ObservationRegistryCustomizer<ObservationRegistry> {
|
||||
return registry: ObservationRegistry -> registry.observationConfig()
|
||||
.observationHandler(ObservationTextHandler());
|
||||
.observationHandler(ObservationTextPublisher());
|
||||
}
|
||||
|
||||
fun main(args: Array<String>) {
|
||||
@@ -134,7 +134,7 @@ public class MyApplication {
|
||||
@Bean
|
||||
ObservationRegistry<ObservationRegistry> observationRegistry() {
|
||||
ObservationRegistry registry = ObservationRegistry.create();
|
||||
registry.observationConfig().observationHandler(new ObservationTextHandler());
|
||||
registry.observationConfig().observationHandler(new ObservationTextPublisher());
|
||||
return registry;
|
||||
}
|
||||
|
||||
@@ -164,7 +164,7 @@ class MyApplication {
|
||||
@Bean
|
||||
fun observationRegistry(): ObservationRegistry<ObservationRegistry> {
|
||||
ObservationRegistry registry = ObservationRegistry.create()
|
||||
registry.observationConfig().observationHandler(ObservationTextHandler())
|
||||
registry.observationConfig().observationHandler(ObservationTextPublisher())
|
||||
return registry
|
||||
}
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<property name="relative-to" value="const(THIS_FILE)/../.." />
|
||||
<property name="action-set-mod" value="1" />
|
||||
<property name="detail-mode" value="true" />
|
||||
<property name="hide-deprecated" value="false" />
|
||||
<property name="hide-deprecated" value="true" />
|
||||
<property name="resolve-name-clashes" value="true" />
|
||||
<property name="project-excluded" />
|
||||
<property name="show-needs-to-compile" value="false" />
|
||||
@@ -29,11 +29,8 @@
|
||||
<classpathentry kind="lib" path="oauth2/oauth2-core/build/classes/java/main" module="spring-security-oauth2-core" />
|
||||
<classpathentry kind="lib" path="oauth2/oauth2-jose/build/classes/java/main" module="spring-security-oauth2-jose" />
|
||||
<classpathentry kind="lib" path="oauth2/oauth2-resource-server/build/classes/java/main" module="spring-security-oauth2-resource-server" />
|
||||
<classpathentry kind="lib" path="remoting/build/classes/java/main" module="spring-security-remoting" />
|
||||
<classpathentry kind="lib" path="rsocket/build/classes/java/main" module="spring-security-rsocket" />
|
||||
<classpathentry kind="lib" path="saml2/saml2-service-provider/build/classes/java/main" module="spring-security-saml2-service-provider" />
|
||||
<classpathentry kind="lib" path="saml2/saml2-service-provider/build/classes/java/opensaml3Main" module="spring-security-saml2-service-provider" />
|
||||
<classpathentry kind="lib" path="saml2/saml2-service-provider/build/classes/java/opensaml4Main" module="spring-security-saml2-service-provider" />
|
||||
<classpathentry kind="lib" path="taglibs/build/classes/java/main" module="spring-security-taglibs" />
|
||||
<classpathentry kind="lib" path="test/build/classes/java/main" module="spring-security-test" />
|
||||
<classpathentry kind="lib" path="web/build/classes/java/main" module="spring-security-web" />
|
||||
|
||||
+1
-1
@@ -1,5 +1,5 @@
|
||||
springBootVersion=3.1.1
|
||||
version=6.1.7-SNAPSHOT
|
||||
version=6.1.8
|
||||
samplesBranch=6.1.x
|
||||
org.gradle.jvmargs=-Xmx3g -XX:+HeapDumpOnOutOfMemoryError
|
||||
org.gradle.parallel=true
|
||||
|
||||
@@ -6,14 +6,14 @@ io-spring-nohttp = "0.0.11"
|
||||
jakarta-websocket = "2.1.1"
|
||||
org-apache-directory-server = "1.5.5"
|
||||
org-apache-maven-resolver = "1.8.2"
|
||||
org-aspectj = "1.9.21.1"
|
||||
org-aspectj = "1.9.21.2"
|
||||
org-bouncycastle = "1.70"
|
||||
org-eclipse-jetty = "11.0.20"
|
||||
org-jetbrains-kotlin = "1.8.22"
|
||||
org-jetbrains-kotlinx = "1.6.4"
|
||||
org-mockito = "4.8.1"
|
||||
org-opensaml = "4.1.1"
|
||||
org-springframework = "6.0.17"
|
||||
org-springframework = "6.0.18"
|
||||
|
||||
[libraries]
|
||||
ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.4.14"
|
||||
@@ -28,8 +28,8 @@ com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:6.0.11"
|
||||
commons-collections = "commons-collections:commons-collections:3.2.2"
|
||||
io-freefair-gradle-aspectj-plugin = "io.freefair.gradle:aspectj-plugin:6.6.3"
|
||||
io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.10.13"
|
||||
io-mockk = "io.mockk:mockk:1.13.9"
|
||||
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2022.0.16"
|
||||
io-mockk = "io.mockk:mockk:1.13.10"
|
||||
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2022.0.17"
|
||||
io-rsocket-rsocket-bom = { module = "io.rsocket:rsocket-bom", version.ref = "io-rsocket" }
|
||||
io-spring-javaformat-spring-javaformat-checkstyle = { module = "io.spring.javaformat:spring-javaformat-checkstyle", version.ref = "io-spring-javaformat" }
|
||||
io-spring-javaformat-spring-javaformat-gradle-plugin = { module = "io.spring.javaformat:spring-javaformat-gradle-plugin", version.ref = "io-spring-javaformat" }
|
||||
@@ -44,7 +44,7 @@ jakarta-servlet-jsp-jakarta-servlet-jsp-api = "jakarta.servlet.jsp:jakarta.servl
|
||||
jakarta-servlet-jsp-jstl-jakarta-servlet-jsp-jstl-api = "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api:3.0.0"
|
||||
jakarta-websocket-jakarta-websocket-api = { module = "jakarta.websocket:jakarta.websocket-api", version.ref = "jakarta-websocket" }
|
||||
jakarta-websocket-jakarta-websocket-client-api = { module = "jakarta.websocket:jakarta.websocket-client-api", version.ref = "jakarta-websocket" }
|
||||
jakarta-xml-bind-jakarta-xml-bind-api = "jakarta.xml.bind:jakarta.xml.bind-api:4.0.1"
|
||||
jakarta-xml-bind-jakarta-xml-bind-api = "jakarta.xml.bind:jakarta.xml.bind-api:4.0.2"
|
||||
ldapsdk = "ldapsdk:ldapsdk:4.1"
|
||||
net-sourceforge-htmlunit = "net.sourceforge.htmlunit:htmlunit:2.66.0"
|
||||
org-apache-directory-server-apacheds-core = { module = "org.apache.directory.server:apacheds-core", version.ref = "org-apache-directory-server" }
|
||||
|
||||
+9
-142
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2023 the original author or authors.
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -16,25 +16,9 @@
|
||||
|
||||
package org.springframework.security.saml2.provider.service.metadata;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.saml2.Saml2Exception;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* An implementation of {@link Saml2MetadataResponseResolver} that identifies which
|
||||
@@ -42,140 +26,23 @@ import org.springframework.util.Assert;
|
||||
*
|
||||
* @author Josh Cummings
|
||||
* @since 6.1
|
||||
* @deprecated Please use
|
||||
* {@link org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver}
|
||||
*/
|
||||
public final class RequestMatcherMetadataResponseResolver implements Saml2MetadataResponseResolver {
|
||||
|
||||
private static final String DEFAULT_METADATA_FILENAME = "saml-{registrationId}-metadata.xml";
|
||||
|
||||
private RequestMatcher matcher = new OrRequestMatcher(
|
||||
new AntPathRequestMatcher("/saml2/service-provider-metadata/{registrationId}"),
|
||||
new AntPathRequestMatcher("/saml2/metadata/{registrationId}"),
|
||||
new AntPathRequestMatcher("/saml2/metadata"));
|
||||
|
||||
private String filename = DEFAULT_METADATA_FILENAME;
|
||||
|
||||
private final RelyingPartyRegistrationRepository registrations;
|
||||
|
||||
private final Saml2MetadataResolver metadata;
|
||||
@Deprecated
|
||||
public final class RequestMatcherMetadataResponseResolver extends
|
||||
org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver {
|
||||
|
||||
/**
|
||||
* Construct a {@link RequestMatcherMetadataResponseResolver}
|
||||
* Construct a
|
||||
* {@link org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver}
|
||||
* @param registrations the source for relying party metadata
|
||||
* @param metadata the strategy for converting {@link RelyingPartyRegistration}s into
|
||||
* metadata
|
||||
*/
|
||||
public RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository registrations,
|
||||
Saml2MetadataResolver metadata) {
|
||||
Assert.notNull(registrations, "relyingPartyRegistrationRepository cannot be null");
|
||||
Assert.notNull(metadata, "saml2MetadataResolver cannot be null");
|
||||
this.registrations = registrations;
|
||||
this.metadata = metadata;
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct and serialize a relying party's SAML 2.0 metadata based on the given
|
||||
* {@link HttpServletRequest}. Uses the configured {@link RequestMatcher} to identify
|
||||
* the metadata request, including looking for any indicated {@code registrationId}.
|
||||
*
|
||||
* <p>
|
||||
* If a {@code registrationId} is found in the request, it will attempt to use that,
|
||||
* erroring if no {@link RelyingPartyRegistration} is found.
|
||||
*
|
||||
* <p>
|
||||
* If no {@code registrationId} is found in the request, it will attempt to show all
|
||||
* {@link RelyingPartyRegistration}s in an {@code <md:EntitiesDescriptor>}. To
|
||||
* exercise this functionality, the provided
|
||||
* {@link RelyingPartyRegistrationRepository} needs to implement {@link Iterable}.
|
||||
* @param request the HTTP request
|
||||
* @return a {@link Saml2MetadataResponse} instance
|
||||
* @throws Saml2Exception if the {@link RequestMatcher} specifies a non-existent
|
||||
* {@code registrationId}
|
||||
*/
|
||||
@Override
|
||||
public Saml2MetadataResponse resolve(HttpServletRequest request) {
|
||||
RequestMatcher.MatchResult result = this.matcher.matcher(request);
|
||||
if (!result.isMatch()) {
|
||||
return null;
|
||||
}
|
||||
String registrationId = result.getVariables().get("registrationId");
|
||||
Saml2MetadataResponse response = responseByRegistrationId(request, registrationId);
|
||||
if (response != null) {
|
||||
return response;
|
||||
}
|
||||
if (this.registrations instanceof Iterable<?>) {
|
||||
Iterable<RelyingPartyRegistration> registrations = (Iterable<RelyingPartyRegistration>) this.registrations;
|
||||
return responseByIterable(request, registrations);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private Saml2MetadataResponse responseByRegistrationId(HttpServletRequest request, String registrationId) {
|
||||
if (registrationId == null) {
|
||||
return null;
|
||||
}
|
||||
RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
|
||||
if (registration == null) {
|
||||
throw new Saml2Exception("registration not found");
|
||||
}
|
||||
return responseByIterable(request, Collections.singleton(registration));
|
||||
}
|
||||
|
||||
private Saml2MetadataResponse responseByIterable(HttpServletRequest request,
|
||||
Iterable<RelyingPartyRegistration> registrations) {
|
||||
Map<String, RelyingPartyRegistration> results = new LinkedHashMap<>();
|
||||
for (RelyingPartyRegistration registration : registrations) {
|
||||
UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
|
||||
String entityId = uriResolver.resolve(registration.getEntityId());
|
||||
results.computeIfAbsent(entityId, (e) -> {
|
||||
String ssoLocation = uriResolver.resolve(registration.getAssertionConsumerServiceLocation());
|
||||
String sloLocation = uriResolver.resolve(registration.getSingleLogoutServiceLocation());
|
||||
String sloResponseLocation = uriResolver.resolve(registration.getSingleLogoutServiceResponseLocation());
|
||||
return registration.mutate()
|
||||
.entityId(entityId)
|
||||
.assertionConsumerServiceLocation(ssoLocation)
|
||||
.singleLogoutServiceLocation(sloLocation)
|
||||
.singleLogoutServiceResponseLocation(sloResponseLocation)
|
||||
.build();
|
||||
});
|
||||
}
|
||||
String metadata = this.metadata.resolve(results.values());
|
||||
String value = (results.size() == 1) ? results.values().iterator().next().getRegistrationId()
|
||||
: UUID.randomUUID().toString();
|
||||
String fileName = this.filename.replace("{registrationId}", value);
|
||||
try {
|
||||
String encodedFileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name());
|
||||
return new Saml2MetadataResponse(metadata, encodedFileName);
|
||||
}
|
||||
catch (UnsupportedEncodingException ex) {
|
||||
throw new Saml2Exception(ex);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this {@link RequestMatcher} to identity which requests to generate metadata
|
||||
* for. By default, matches {@code /saml2/metadata},
|
||||
* {@code /saml2/metadata/{registrationId}}, {@code /saml2/service-provider-metadata},
|
||||
* and {@code /saml2/service-provider-metadata/{registrationId}}
|
||||
* @param requestMatcher the {@link RequestMatcher} to use
|
||||
*/
|
||||
public void setRequestMatcher(RequestMatcher requestMatcher) {
|
||||
Assert.notNull(requestMatcher, "requestMatcher cannot be empty");
|
||||
this.matcher = requestMatcher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the metadata filename template. If it contains the {@code {registrationId}}
|
||||
* placeholder, it will be resolved as a random UUID if there are multiple
|
||||
* {@link RelyingPartyRegistration}s. Otherwise, it will be replaced by the
|
||||
* {@link RelyingPartyRegistration}'s id.
|
||||
*
|
||||
* <p>
|
||||
* The default value is {@code saml-{registrationId}-metadata.xml}
|
||||
* @param metadataFilename metadata filename, must contain a {registrationId}
|
||||
*/
|
||||
public void setMetadataFilename(String metadataFilename) {
|
||||
Assert.hasText(metadataFilename, "metadataFilename cannot be empty");
|
||||
this.filename = metadataFilename;
|
||||
super(registrations, metadata);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+185
@@ -0,0 +1,185 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.saml2.provider.service.web.metadata;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.saml2.Saml2Exception;
|
||||
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver;
|
||||
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse;
|
||||
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* An implementation of {@link Saml2MetadataResponseResolver} that identifies which
|
||||
* {@link RelyingPartyRegistration}s to use with a {@link RequestMatcher}
|
||||
*
|
||||
* @author Josh Cummings
|
||||
* @since 6.1
|
||||
*/
|
||||
public class RequestMatcherMetadataResponseResolver implements Saml2MetadataResponseResolver {
|
||||
|
||||
private static final String DEFAULT_METADATA_FILENAME = "saml-{registrationId}-metadata.xml";
|
||||
|
||||
private RequestMatcher matcher = new OrRequestMatcher(
|
||||
new AntPathRequestMatcher("/saml2/service-provider-metadata/{registrationId}"),
|
||||
new AntPathRequestMatcher("/saml2/metadata/{registrationId}"),
|
||||
new AntPathRequestMatcher("/saml2/metadata"));
|
||||
|
||||
private String filename = DEFAULT_METADATA_FILENAME;
|
||||
|
||||
private final RelyingPartyRegistrationRepository registrations;
|
||||
|
||||
private final Saml2MetadataResolver metadata;
|
||||
|
||||
/**
|
||||
* Construct a
|
||||
* {@link org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver}
|
||||
* @param registrations the source for relying party metadata
|
||||
* @param metadata the strategy for converting {@link RelyingPartyRegistration}s into
|
||||
* metadata
|
||||
*/
|
||||
public RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository registrations,
|
||||
Saml2MetadataResolver metadata) {
|
||||
Assert.notNull(registrations, "relyingPartyRegistrationRepository cannot be null");
|
||||
Assert.notNull(metadata, "saml2MetadataResolver cannot be null");
|
||||
this.registrations = registrations;
|
||||
this.metadata = metadata;
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct and serialize a relying party's SAML 2.0 metadata based on the given
|
||||
* {@link HttpServletRequest}. Uses the configured {@link RequestMatcher} to identify
|
||||
* the metadata request, including looking for any indicated {@code registrationId}.
|
||||
*
|
||||
* <p>
|
||||
* If a {@code registrationId} is found in the request, it will attempt to use that,
|
||||
* erroring if no {@link RelyingPartyRegistration} is found.
|
||||
*
|
||||
* <p>
|
||||
* If no {@code registrationId} is found in the request, it will attempt to show all
|
||||
* {@link RelyingPartyRegistration}s in an {@code <md:EntitiesDescriptor>}. To
|
||||
* exercise this functionality, the provided
|
||||
* {@link RelyingPartyRegistrationRepository} needs to implement {@link Iterable}.
|
||||
* @param request the HTTP request
|
||||
* @return a {@link Saml2MetadataResponse} instance
|
||||
* @throws Saml2Exception if the {@link RequestMatcher} specifies a non-existent
|
||||
* {@code registrationId}
|
||||
*/
|
||||
@Override
|
||||
public Saml2MetadataResponse resolve(HttpServletRequest request) {
|
||||
RequestMatcher.MatchResult result = this.matcher.matcher(request);
|
||||
if (!result.isMatch()) {
|
||||
return null;
|
||||
}
|
||||
String registrationId = result.getVariables().get("registrationId");
|
||||
Saml2MetadataResponse response = responseByRegistrationId(request, registrationId);
|
||||
if (response != null) {
|
||||
return response;
|
||||
}
|
||||
if (this.registrations instanceof Iterable<?>) {
|
||||
Iterable<RelyingPartyRegistration> registrations = (Iterable<RelyingPartyRegistration>) this.registrations;
|
||||
return responseByIterable(request, registrations);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private Saml2MetadataResponse responseByRegistrationId(HttpServletRequest request, String registrationId) {
|
||||
if (registrationId == null) {
|
||||
return null;
|
||||
}
|
||||
RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
|
||||
if (registration == null) {
|
||||
throw new Saml2Exception("registration not found");
|
||||
}
|
||||
return responseByIterable(request, Collections.singleton(registration));
|
||||
}
|
||||
|
||||
private Saml2MetadataResponse responseByIterable(HttpServletRequest request,
|
||||
Iterable<RelyingPartyRegistration> registrations) {
|
||||
Map<String, RelyingPartyRegistration> results = new LinkedHashMap<>();
|
||||
for (RelyingPartyRegistration registration : registrations) {
|
||||
RelyingPartyRegistrationPlaceholderResolvers.UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers
|
||||
.uriResolver(request, registration);
|
||||
String entityId = uriResolver.resolve(registration.getEntityId());
|
||||
results.computeIfAbsent(entityId, (e) -> {
|
||||
String ssoLocation = uriResolver.resolve(registration.getAssertionConsumerServiceLocation());
|
||||
String sloLocation = uriResolver.resolve(registration.getSingleLogoutServiceLocation());
|
||||
String sloResponseLocation = uriResolver.resolve(registration.getSingleLogoutServiceResponseLocation());
|
||||
return registration.mutate()
|
||||
.entityId(entityId)
|
||||
.assertionConsumerServiceLocation(ssoLocation)
|
||||
.singleLogoutServiceLocation(sloLocation)
|
||||
.singleLogoutServiceResponseLocation(sloResponseLocation)
|
||||
.build();
|
||||
});
|
||||
}
|
||||
String metadata = this.metadata.resolve(results.values());
|
||||
String value = (results.size() == 1) ? results.values().iterator().next().getRegistrationId()
|
||||
: UUID.randomUUID().toString();
|
||||
String fileName = this.filename.replace("{registrationId}", value);
|
||||
try {
|
||||
String encodedFileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name());
|
||||
return new Saml2MetadataResponse(metadata, encodedFileName);
|
||||
}
|
||||
catch (UnsupportedEncodingException ex) {
|
||||
throw new Saml2Exception(ex);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this {@link RequestMatcher} to identity which requests to generate metadata
|
||||
* for. By default, matches {@code /saml2/metadata},
|
||||
* {@code /saml2/metadata/{registrationId}}, {@code /saml2/service-provider-metadata},
|
||||
* and {@code /saml2/service-provider-metadata/{registrationId}}
|
||||
* @param requestMatcher the {@link RequestMatcher} to use
|
||||
*/
|
||||
public void setRequestMatcher(RequestMatcher requestMatcher) {
|
||||
Assert.notNull(requestMatcher, "requestMatcher cannot be empty");
|
||||
this.matcher = requestMatcher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the metadata filename template. If it contains the {@code {registrationId}}
|
||||
* placeholder, it will be resolved as a random UUID if there are multiple
|
||||
* {@link RelyingPartyRegistration}s. Otherwise, it will be replaced by the
|
||||
* {@link RelyingPartyRegistration}'s id.
|
||||
*
|
||||
* <p>
|
||||
* The default value is {@code saml-{registrationId}-metadata.xml}
|
||||
* @param metadataFilename metadata filename, must contain a {registrationId}
|
||||
*/
|
||||
public void setMetadataFilename(String metadataFilename) {
|
||||
Assert.hasText(metadataFilename, "metadataFilename cannot be empty");
|
||||
this.filename = metadataFilename;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2021 the original author or authors.
|
||||
* Copyright 2012-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -130,9 +130,13 @@ public class StrictHttpFirewall implements HttpFirewall {
|
||||
private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = (
|
||||
s) -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches();
|
||||
|
||||
private static final Pattern HEADER_VALUE_PATTERN = Pattern.compile("[\\p{IsAssigned}&&[[^\\p{IsControl}]||\\t]]*");
|
||||
|
||||
private static final Predicate<String> HEADER_VALUE_PREDICATE = (s) -> HEADER_VALUE_PATTERN.matcher(s).matches();
|
||||
|
||||
private Predicate<String> allowedHeaderNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE;
|
||||
|
||||
private Predicate<String> allowedHeaderValues = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE;
|
||||
private Predicate<String> allowedHeaderValues = HEADER_VALUE_PREDICATE;
|
||||
|
||||
private Predicate<String> allowedParameterNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE;
|
||||
|
||||
|
||||
+8
-1
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2021 the original author or authors.
|
||||
* Copyright 2012-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -781,6 +781,13 @@ public class StrictHttpFirewallTests {
|
||||
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Something"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getFirewalledRequestGetHeaderWhenHorizontalTabInHeaderValueThenNoException() {
|
||||
this.request.addHeader("Something", "tab\tvalue");
|
||||
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
|
||||
assertThat(request.getHeader("Something")).isEqualTo("tab\tvalue");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderValueThenException() {
|
||||
this.request.addHeader("Something", "bad\uFFFEvalue");
|
||||
|
||||
Reference in New Issue
Block a user