Remove deprecated 'identityprovider' property
Closes gh-30751
This commit is contained in:
Moritz Halbritter
parent
1950d06585
commit
bb4bccde6c
|
|
@ -144,19 +144,6 @@ class ManagementWebSecurityAutoConfigurationTests {
|
|||
.doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void backOffIfSaml2RelyingPartyAutoConfigurationPresentDeprecated() {
|
||||
this.contextRunner.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class))
|
||||
.withPropertyValues(
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.single-sign-on.url=https://simplesaml-for-spring-saml/SSOService.php",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.single-sign-on.sign-request=false",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.verification.credentials[0].certificate-location=classpath:saml/certificate-location")
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class)
|
||||
.doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN));
|
||||
}
|
||||
|
||||
@Test
|
||||
void backOffIfRemoteDevToolsSecurityFilterChainIsPresent() {
|
||||
this.contextRunner.withUserConfiguration(TestRemoteDevToolsSecurityFilterChainConfig.class).run((context) -> {
|
||||
|
|
|
|||
|
|
@ -69,13 +69,6 @@ public class Saml2RelyingPartyProperties {
|
|||
*/
|
||||
private final AssertingParty assertingParty = new AssertingParty();
|
||||
|
||||
/**
|
||||
* Remote SAML Identity Provider.
|
||||
* @deprecated use {@link #assertingParty}
|
||||
*/
|
||||
@Deprecated
|
||||
private final AssertingParty identityprovider = new AssertingParty();
|
||||
|
||||
public String getEntityId() {
|
||||
return this.entityId;
|
||||
}
|
||||
|
|
@ -100,16 +93,6 @@ public class Saml2RelyingPartyProperties {
|
|||
return this.assertingParty;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remote SAML Identity Provider.
|
||||
* @return remote SAML Identity Provider
|
||||
* @deprecated use {@link #getAssertingParty()}
|
||||
*/
|
||||
@Deprecated
|
||||
public AssertingParty getIdentityprovider() {
|
||||
return this.identityprovider;
|
||||
}
|
||||
|
||||
public static class Acs {
|
||||
|
||||
/**
|
||||
|
|
@ -299,7 +282,7 @@ public class Saml2RelyingPartyProperties {
|
|||
/**
|
||||
* Whether to sign authentication requests.
|
||||
*/
|
||||
private Boolean signRequest;
|
||||
private boolean signRequest = true;
|
||||
|
||||
public String getUrl() {
|
||||
return this.url;
|
||||
|
|
@ -321,11 +304,7 @@ public class Saml2RelyingPartyProperties {
|
|||
return this.signRequest;
|
||||
}
|
||||
|
||||
public Boolean getSignRequest() {
|
||||
return this.signRequest;
|
||||
}
|
||||
|
||||
public void setSignRequest(Boolean signRequest) {
|
||||
public void setSignRequest(boolean signRequest) {
|
||||
this.signRequest = signRequest;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -23,12 +23,8 @@ import java.security.interfaces.RSAPrivateKey;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.function.Function;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties.AssertingParty;
|
||||
import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties.AssertingParty.Verification;
|
||||
|
|
@ -64,8 +60,6 @@ import org.springframework.util.StringUtils;
|
|||
@ConditionalOnMissingBean(RelyingPartyRegistrationRepository.class)
|
||||
class Saml2RelyingPartyRegistrationConfiguration {
|
||||
|
||||
private static final Log logger = LogFactory.getLog(Saml2RelyingPartyRegistrationConfiguration.class);
|
||||
|
||||
@Bean
|
||||
RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(Saml2RelyingPartyProperties properties) {
|
||||
List<RelyingPartyRegistration> registrations = properties.getRegistration().entrySet().stream()
|
||||
|
|
@ -78,21 +72,19 @@ class Saml2RelyingPartyRegistrationConfiguration {
|
|||
}
|
||||
|
||||
private RelyingPartyRegistration asRegistration(String id, Registration properties) {
|
||||
boolean usingMetadata = StringUtils
|
||||
.hasText(getFromAssertingParty(properties, id, "metadata-uri", AssertingParty::getMetadataUri));
|
||||
boolean usingMetadata = StringUtils.hasText(properties.getAssertingParty().getMetadataUri());
|
||||
Builder builder = (usingMetadata) ? RelyingPartyRegistrations
|
||||
.fromMetadataLocation(
|
||||
getFromAssertingParty(properties, id, "metadata-uri", AssertingParty::getMetadataUri))
|
||||
.registrationId(id) : RelyingPartyRegistration.withRegistrationId(id);
|
||||
.fromMetadataLocation(properties.getAssertingParty().getMetadataUri()).registrationId(id)
|
||||
: RelyingPartyRegistration.withRegistrationId(id);
|
||||
builder.assertionConsumerServiceLocation(properties.getAcs().getLocation());
|
||||
builder.assertionConsumerServiceBinding(properties.getAcs().getBinding());
|
||||
builder.assertingPartyDetails(mapAssertingParty(properties, id, usingMetadata));
|
||||
builder.assertingPartyDetails(mapAssertingParty(properties.getAssertingParty(), usingMetadata));
|
||||
builder.signingX509Credentials((credentials) -> properties.getSigning().getCredentials().stream()
|
||||
.map(this::asSigningCredential).forEach(credentials::add));
|
||||
builder.decryptionX509Credentials((credentials) -> properties.getDecryption().getCredentials().stream()
|
||||
.map(this::asDecryptionCredential).forEach(credentials::add));
|
||||
builder.assertingPartyDetails((details) -> details.verificationX509Credentials(
|
||||
(credentials) -> getFromAssertingParty(properties, id, "verification", AssertingParty::getVerification)
|
||||
builder.assertingPartyDetails((details) -> details
|
||||
.verificationX509Credentials((credentials) -> properties.getAssertingParty().getVerification()
|
||||
.getCredentials().stream().map(this::asVerificationCredential).forEach(credentials::add)));
|
||||
builder.entityId(properties.getEntityId());
|
||||
RelyingPartyRegistration registration = builder.build();
|
||||
|
|
@ -101,35 +93,14 @@ class Saml2RelyingPartyRegistrationConfiguration {
|
|||
return registration;
|
||||
}
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
private <T> T getFromAssertingParty(Registration registration, String id, String name,
|
||||
Function<AssertingParty, T> getter) {
|
||||
T newValue = getter.apply(registration.getAssertingParty());
|
||||
if (newValue != null) {
|
||||
return newValue;
|
||||
}
|
||||
T deprecatedValue = getter.apply(registration.getIdentityprovider());
|
||||
if (deprecatedValue != null) {
|
||||
logger.warn(String.format(
|
||||
"Property 'spring.security.saml2.relyingparty.registration.identityprovider.%1$s.%2$s' is deprecated, please use 'spring.security.saml2.relyingparty.registration.asserting-party.%1$s.%2$s' instead",
|
||||
id, name));
|
||||
return deprecatedValue;
|
||||
}
|
||||
return newValue;
|
||||
}
|
||||
|
||||
private Consumer<AssertingPartyDetails.Builder> mapAssertingParty(Registration registration, String id,
|
||||
private Consumer<AssertingPartyDetails.Builder> mapAssertingParty(AssertingParty assertingParty,
|
||||
boolean usingMetadata) {
|
||||
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
|
||||
return (details) -> {
|
||||
map.from(() -> getFromAssertingParty(registration, id, "entity-id", AssertingParty::getEntityId))
|
||||
.to(details::entityId);
|
||||
map.from(() -> getFromAssertingParty(registration, id, "singlesignon.binding",
|
||||
(property) -> property.getSinglesignon().getBinding())).to(details::singleSignOnServiceBinding);
|
||||
map.from(() -> getFromAssertingParty(registration, id, "singlesignon.url",
|
||||
(property) -> property.getSinglesignon().getUrl())).to(details::singleSignOnServiceLocation);
|
||||
map.from(() -> getFromAssertingParty(registration, id, "singlesignon.sign-request",
|
||||
(property) -> property.getSinglesignon().getSignRequest())).when((ignored) -> !usingMetadata)
|
||||
map.from(assertingParty::getEntityId).to(details::entityId);
|
||||
map.from(assertingParty.getSinglesignon()::getBinding).to(details::singleSignOnServiceBinding);
|
||||
map.from(assertingParty.getSinglesignon()::getUrl).to(details::singleSignOnServiceLocation);
|
||||
map.from(assertingParty.getSinglesignon()::isSignRequest).when((signRequest) -> !usingMetadata)
|
||||
.to(details::wantAuthnRequestsSigned);
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,15 +62,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
|
||||
@Test
|
||||
void autoConfigurationShouldBeConditionalOnRelyingPartyRegistrationRepositoryClass() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(false)).withClassLoader(new FilteredClassLoader(
|
||||
"org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository"))
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoConfigurationShouldBeConditionalOnRelyingPartyRegistrationRepositoryClassDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(true)).withClassLoader(new FilteredClassLoader(
|
||||
this.contextRunner.withPropertyValues(getPropertyValues()).withClassLoader(new FilteredClassLoader(
|
||||
"org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository"))
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class));
|
||||
}
|
||||
|
|
@ -79,16 +71,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
void autoConfigurationShouldBeConditionalOnServletWebApplication() {
|
||||
new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class))
|
||||
.withPropertyValues(getPropertyValues(false))
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoConfigurationShouldBeConditionalOnServletWebApplicationDeprecated() {
|
||||
new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class))
|
||||
.withPropertyValues(getPropertyValues(true))
|
||||
.withPropertyValues(getPropertyValues())
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class));
|
||||
}
|
||||
|
||||
|
|
@ -100,31 +83,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
|
||||
@Test
|
||||
void relyingPartyRegistrationRepositoryBeanShouldBeCreatedWhenPropertiesPresent() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(false)).run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
|
||||
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
|
||||
.isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php");
|
||||
assertThat(registration.getAssertingPartyDetails().getEntityId())
|
||||
.isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php");
|
||||
assertThat(registration.getAssertionConsumerServiceLocation())
|
||||
.isEqualTo("{baseUrl}/login/saml2/foo-entity-id");
|
||||
assertThat(registration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
|
||||
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
|
||||
.isEqualTo(Saml2MessageBinding.POST);
|
||||
assertThat(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()).isEqualTo(false);
|
||||
assertThat(registration.getSigningX509Credentials()).hasSize(1);
|
||||
assertThat(registration.getDecryptionX509Credentials()).hasSize(1);
|
||||
assertThat(registration.getAssertingPartyDetails().getVerificationX509Credentials()).isNotNull();
|
||||
assertThat(registration.getEntityId()).isEqualTo("{baseUrl}/saml2/foo-entity-id");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void relyingPartyRegistrationRepositoryBeanShouldBeCreatedWhenPropertiesPresentDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(true)).run((context) -> {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues()).run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
|
||||
|
|
@ -147,18 +106,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
|
||||
@Test
|
||||
void autoConfigurationWhenSignRequestsTrueAndNoSigningCredentialsShouldThrowException() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(true, false))
|
||||
.run((context) -> {
|
||||
assertThat(context).hasFailed();
|
||||
assertThat(context.getStartupFailure()).hasMessageContaining(
|
||||
"Signing credentials must not be empty when authentication requests require signing.");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoConfigurationWhenSignRequestsTrueAndNoSigningCredentialsShouldThrowExceptionDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(true, true)).run((context) -> {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(true)).run((context) -> {
|
||||
assertThat(context).hasFailed();
|
||||
assertThat(context.getStartupFailure()).hasMessageContaining(
|
||||
"Signing credentials must not be empty when authentication requests require signing.");
|
||||
|
|
@ -167,14 +115,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
|
||||
@Test
|
||||
void autoConfigurationWhenSignRequestsFalseAndNoSigningCredentialsShouldNotThrowException() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(false, false))
|
||||
.run((context) -> assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoConfigurationWhenSignRequestsFalseAndNoSigningCredentialsShouldNotThrowExceptionDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(false, true))
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(false))
|
||||
.run((context) -> assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class));
|
||||
}
|
||||
|
||||
|
|
@ -192,21 +133,6 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoconfigurationShouldQueryAssertingPartyMetadataWhenMetadataUrlIsPresentDeprecated() throws Exception {
|
||||
try (MockWebServer server = new MockWebServer()) {
|
||||
server.start();
|
||||
String metadataUrl = server.url("").toString();
|
||||
setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl)
|
||||
.run((context) -> {
|
||||
assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class);
|
||||
assertThat(server.getRequestCount()).isEqualTo(1);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void autoconfigurationShouldUseBindingFromMetadataUrlIfPresent() throws Exception {
|
||||
try (MockWebServer server = new MockWebServer()) {
|
||||
|
|
@ -224,24 +150,6 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoconfigurationShouldUseBindingFromMetadataUrlIfPresentDeprecated() throws Exception {
|
||||
try (MockWebServer server = new MockWebServer()) {
|
||||
server.start();
|
||||
String metadataUrl = server.url("").toString();
|
||||
setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl)
|
||||
.run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context
|
||||
.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
|
||||
.isEqualTo(Saml2MessageBinding.POST);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void autoconfigurationWhenMetadataUrlAndPropertyPresentShouldUseBindingFromProperty() throws Exception {
|
||||
try (MockWebServer server = new MockWebServer()) {
|
||||
|
|
@ -259,38 +167,9 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoconfigurationWhenMetadataUrlAndPropertyPresentShouldUseBindingFromPropertyDeprecated() throws Exception {
|
||||
try (MockWebServer server = new MockWebServer()) {
|
||||
server.start();
|
||||
String metadataUrl = server.url("").toString();
|
||||
setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl,
|
||||
PREFIX + ".foo.identityprovider.singlesignon.binding=redirect").run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context
|
||||
.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
|
||||
.isEqualTo(Saml2MessageBinding.REDIRECT);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void autoconfigurationWhenNoMetadataUrlOrPropertyPresentShouldUseRedirectBinding() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding(false)).run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
|
||||
.isEqualTo(Saml2MessageBinding.REDIRECT);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void autoconfigurationWhenNoMetadataUrlOrPropertyPresentShouldUseRedirectBindingDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding(true)).run((context) -> {
|
||||
this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding()).run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
|
||||
|
|
@ -300,17 +179,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
|
||||
@Test
|
||||
void relyingPartyRegistrationRepositoryShouldBeConditionalOnMissingBean() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(false))
|
||||
.withUserConfiguration(RegistrationRepositoryConfiguration.class).run((context) -> {
|
||||
assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class);
|
||||
assertThat(context).hasBean("testRegistrationRepository");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void relyingPartyRegistrationRepositoryShouldBeConditionalOnMissingBeanDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(true))
|
||||
this.contextRunner.withPropertyValues(getPropertyValues())
|
||||
.withUserConfiguration(RegistrationRepositoryConfiguration.class).run((context) -> {
|
||||
assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class);
|
||||
assertThat(context).hasBean("testRegistrationRepository");
|
||||
|
|
@ -319,102 +188,59 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
|||
|
||||
@Test
|
||||
void samlLoginShouldBeConfigured() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(false))
|
||||
.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isTrue());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void samlLoginShouldBeConfiguredDeprecated() {
|
||||
this.contextRunner.withPropertyValues(getPropertyValues(true))
|
||||
this.contextRunner.withPropertyValues(getPropertyValues())
|
||||
.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isTrue());
|
||||
}
|
||||
|
||||
@Test
|
||||
void samlLoginShouldBackOffWhenAWebSecurityConfigurerAdapterIsDefined() {
|
||||
this.contextRunner.withUserConfiguration(WebSecurityConfigurerAdapterConfiguration.class)
|
||||
.withPropertyValues(getPropertyValues(false))
|
||||
.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void samlLoginShouldBackOffWhenAWebSecurityConfigurerAdapterIsDefinedDeprecated() {
|
||||
this.contextRunner.withUserConfiguration(WebSecurityConfigurerAdapterConfiguration.class)
|
||||
.withPropertyValues(getPropertyValues(true))
|
||||
.withPropertyValues(getPropertyValues())
|
||||
.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse());
|
||||
}
|
||||
|
||||
@Test
|
||||
void samlLoginShouldBackOffWhenASecurityFilterChainBeanIsPresent() {
|
||||
this.contextRunner.withUserConfiguration(TestSecurityFilterChainConfig.class)
|
||||
.withPropertyValues(getPropertyValues(false))
|
||||
.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void samlLoginShouldBackOffWhenASecurityFilterChainBeanIsPresentDeprecated() {
|
||||
this.contextRunner.withUserConfiguration(TestSecurityFilterChainConfig.class)
|
||||
.withPropertyValues(getPropertyValues(true))
|
||||
.withPropertyValues(getPropertyValues())
|
||||
.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse());
|
||||
}
|
||||
|
||||
@Test
|
||||
void samlLoginShouldShouldBeConditionalOnSecurityWebFilterClass() {
|
||||
this.contextRunner.withClassLoader(new FilteredClassLoader(SecurityFilterChain.class))
|
||||
.withPropertyValues(getPropertyValues(false))
|
||||
.withPropertyValues(getPropertyValues())
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(SecurityFilterChain.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
void samlLoginShouldShouldBeConditionalOnSecurityWebFilterClassDeprecated() {
|
||||
this.contextRunner.withClassLoader(new FilteredClassLoader(SecurityFilterChain.class))
|
||||
.withPropertyValues(getPropertyValues(true))
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(SecurityFilterChain.class));
|
||||
private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests) {
|
||||
return new String[] { PREFIX
|
||||
+ ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.binding=post",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.sign-request=" + signRequests,
|
||||
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
}
|
||||
|
||||
private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests, boolean useDeprecated) {
|
||||
String assertingParty = useDeprecated ? "identityprovider" : "asserting-party";
|
||||
return new String[] {
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo." + assertingParty + ".singlesignon.binding=post",
|
||||
PREFIX + ".foo." + assertingParty + ".singlesignon.sign-request=" + signRequests,
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
private String[] getPropertyValuesWithoutSsoBinding() {
|
||||
return new String[] { PREFIX
|
||||
+ ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.sign-request=false",
|
||||
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
}
|
||||
|
||||
private String[] getPropertyValuesWithoutSsoBinding(boolean useDeprecated) {
|
||||
String assertingParty = useDeprecated ? "identityprovider" : "asserting-party";
|
||||
return new String[] {
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo." + assertingParty + ".singlesignon.sign-request=false",
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
}
|
||||
|
||||
private String[] getPropertyValues(boolean useDeprecated) {
|
||||
String assertingParty = useDeprecated ? "identityprovider" : "asserting-party";
|
||||
private String[] getPropertyValues() {
|
||||
return new String[] {
|
||||
PREFIX + ".foo.signing.credentials[0].private-key-location=classpath:saml/private-key-location",
|
||||
PREFIX + ".foo.signing.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.decryption.credentials[0].private-key-location=classpath:saml/private-key-location",
|
||||
PREFIX + ".foo.decryption.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo." + assertingParty + ".singlesignon.binding=post",
|
||||
PREFIX + ".foo." + assertingParty + ".singlesignon.sign-request=false",
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo." + assertingParty
|
||||
+ ".verification.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.binding=post",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.sign-request=false",
|
||||
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.entity-id={baseUrl}/saml2/foo-entity-id",
|
||||
PREFIX + ".foo.acs.location={baseUrl}/login/saml2/foo-entity-id",
|
||||
PREFIX + ".foo.acs.binding=redirect" };
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ class Saml2RelyingPartyPropertiesTests {
|
|||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.sign-request",
|
||||
"false");
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon()
|
||||
.getSignRequest()).isEqualTo(false);
|
||||
.isSignRequest()).isEqualTo(false);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -86,6 +86,13 @@ class Saml2RelyingPartyPropertiesTests {
|
|||
.isEqualTo("https://idp.example.org/metadata");
|
||||
}
|
||||
|
||||
@Test
|
||||
void customizeSsoSignRequestsIsTrueByDefault() {
|
||||
this.properties.getRegistration().put("simplesamlphp", new Saml2RelyingPartyProperties.Registration());
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon()
|
||||
.isSignRequest()).isEqualTo(true);
|
||||
}
|
||||
|
||||
private void bind(String name, String value) {
|
||||
bind(Collections.singletonMap(name, value));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue