diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
index 0738bc3706e..3c53693c089 100644
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
@@ -144,19 +144,6 @@ class ManagementWebSecurityAutoConfigurationTests { .doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN)); } - @Test - @Deprecated - void backOffIfSaml2RelyingPartyAutoConfigurationPresentDeprecated() { - this.contextRunner.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class)) - .withPropertyValues( - "spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.single-sign-on.url=https://simplesaml-for-spring-saml/SSOService.php", - "spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.single-sign-on.sign-request=false", - "spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", - "spring.security.saml2.relyingparty.registration.simplesamlphp.identityprovider.verification.credentials[0].certificate-location=classpath:saml/certificate-location") - .run((context) -> assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class) - .doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN)); - } - @Test void backOffIfRemoteDevToolsSecurityFilterChainIsPresent() { this.contextRunner.withUserConfiguration(TestRemoteDevToolsSecurityFilterChainConfig.class).run((context) -> { diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyProperties.java index 73d74fdf9d1..b789a4ed797 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyProperties.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyProperties.java 
@@ -69,13 +69,6 @@ public class Saml2RelyingPartyProperties { */ private final AssertingParty assertingParty = new AssertingParty(); - /** - * Remote SAML Identity Provider. - * @deprecated use {@link #assertingParty} - */ - @Deprecated - private final AssertingParty identityprovider = new AssertingParty(); - public String getEntityId() { return this.entityId; } @@ -100,16 +93,6 @@ public class Saml2RelyingPartyProperties { return this.assertingParty; } - /** - * Remote SAML Identity Provider. - * @return remote SAML Identity Provider - * @deprecated use {@link #getAssertingParty()} - */ - @Deprecated - public AssertingParty getIdentityprovider() { - return this.identityprovider; - } - public static class Acs { /** @@ -299,7 +282,7 @@ public class Saml2RelyingPartyProperties { /** * Whether to sign authentication requests. */ - private Boolean signRequest; + private boolean signRequest = true; public String getUrl() { return this.url; @@ -321,11 +304,7 @@ public class Saml2RelyingPartyProperties { return this.signRequest; } - public Boolean getSignRequest() { - return this.signRequest; - } - - public void setSignRequest(Boolean signRequest) { + public void setSignRequest(boolean signRequest) { this.signRequest = signRequest; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.java index 66c2a5473a5..fa54027b3ac 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.java 
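Review bot: The Javadoc on `signRequest` in the `@@ -299,7 +282,7 @@` hunk says only "Whether to sign authentication requests.", but the value is applied only when no `metadata-uri` is configured (see `.when((signRequest) -> !usingMetadata)` in `Saml2RelyingPartyRegistrationConfiguration.mapAssertingParty`). With a primitive `boolean` defaulting to `true`, an unset property can no longer be told apart from an explicit `true`, so an operator who sets `sign-request=true` next to `metadata-uri` gets no indication that the setting is not used. I would extend the comment to `Whether to sign authentication requests. Only applied when no metadata-uri is set.` Presumably the asserting party's metadata decides in that case; confirm that before wording it more strongly.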
@@ -23,12 +23,8 @@ import java.security.interfaces.RSAPrivateKey; import java.util.List; import java.util.Map; import java.util.function.Consumer; -import java.util.function.Function; import java.util.stream.Collectors; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties.AssertingParty; import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties.AssertingParty.Verification; @@ -64,8 +60,6 @@ import org.springframework.util.StringUtils; @ConditionalOnMissingBean(RelyingPartyRegistrationRepository.class) class Saml2RelyingPartyRegistrationConfiguration { - private static final Log logger = LogFactory.getLog(Saml2RelyingPartyRegistrationConfiguration.class); - @Bean RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(Saml2RelyingPartyProperties properties) { List registrations = properties.getRegistration().entrySet().stream() 
@@ -78,21 +72,19 @@ class Saml2RelyingPartyRegistrationConfiguration { } private RelyingPartyRegistration asRegistration(String id, Registration properties) { - boolean usingMetadata = StringUtils - .hasText(getFromAssertingParty(properties, id, "metadata-uri", AssertingParty::getMetadataUri)); + boolean usingMetadata = StringUtils.hasText(properties.getAssertingParty().getMetadataUri()); Builder builder = (usingMetadata) ? RelyingPartyRegistrations - .fromMetadataLocation( - getFromAssertingParty(properties, id, "metadata-uri", AssertingParty::getMetadataUri)) - .registrationId(id) : RelyingPartyRegistration.withRegistrationId(id); + .fromMetadataLocation(properties.getAssertingParty().getMetadataUri()).registrationId(id) + : RelyingPartyRegistration.withRegistrationId(id); builder.assertionConsumerServiceLocation(properties.getAcs().getLocation()); builder.assertionConsumerServiceBinding(properties.getAcs().getBinding()); - builder.assertingPartyDetails(mapAssertingParty(properties, id, usingMetadata)); + builder.assertingPartyDetails(mapAssertingParty(properties.getAssertingParty(), usingMetadata)); builder.signingX509Credentials((credentials) -> properties.getSigning().getCredentials().stream() .map(this::asSigningCredential).forEach(credentials::add)); builder.decryptionX509Credentials((credentials) -> properties.getDecryption().getCredentials().stream() .map(this::asDecryptionCredential).forEach(credentials::add)); - builder.assertingPartyDetails((details) -> details.verificationX509Credentials( - (credentials) -> getFromAssertingParty(properties, id, "verification", AssertingParty::getVerification) + builder.assertingPartyDetails((details) -> details + .verificationX509Credentials((credentials) -> properties.getAssertingParty().getVerification() .getCredentials().stream().map(this::asVerificationCredential).forEach(credentials::add))); builder.entityId(properties.getEntityId()); RelyingPartyRegistration registration = builder.build(); 
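Review bot: `asRegistration` passes `properties.getAssertingParty().getMetadataUri()` straight to `RelyingPartyRegistrations.fromMetadataLocation(...)` with nothing stating what that location is trusted for. When metadata is used, the asserting party's details are taken from that document, presumably including the certificates later used to verify SAML responses, so a location served over plain `http` would place the trust anchor on an unauthenticated channel. A comment above the call such as `// the metadata defines the asserting party that is trusted; the location should be https or a local resource` would make the expectation visible, and the project can decide whether a startup warning is warranted. The getter is also read twice in adjacent statements; a local `String metadataUri` would avoid that. The method's body ends outside this hunk.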
@@ -101,35 +93,14 @@ class Saml2RelyingPartyRegistrationConfiguration { return registration; } - @SuppressWarnings("deprecation") - private T getFromAssertingParty(Registration registration, String id, String name, - Function getter) { - T newValue = getter.apply(registration.getAssertingParty()); - if (newValue != null) { - return newValue; - } - T deprecatedValue = getter.apply(registration.getIdentityprovider()); - if (deprecatedValue != null) { - logger.warn(String.format( - "Property 'spring.security.saml2.relyingparty.registration.identityprovider.%1$s.%2$s' is deprecated, please use 'spring.security.saml2.relyingparty.registration.asserting-party.%1$s.%2$s' instead", - id, name)); - return deprecatedValue; - } - return newValue; - } - - private Consumer mapAssertingParty(Registration registration, String id, + private Consumer mapAssertingParty(AssertingParty assertingParty, boolean usingMetadata) { PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull(); return (details) -> { - map.from(() -> getFromAssertingParty(registration, id, "entity-id", AssertingParty::getEntityId)) - .to(details::entityId); - map.from(() -> getFromAssertingParty(registration, id, "singlesignon.binding", - (property) -> property.getSinglesignon().getBinding())).to(details::singleSignOnServiceBinding); - map.from(() -> getFromAssertingParty(registration, id, "singlesignon.url", - (property) -> property.getSinglesignon().getUrl())).to(details::singleSignOnServiceLocation); - map.from(() -> getFromAssertingParty(registration, id, "singlesignon.sign-request", - (property) -> property.getSinglesignon().getSignRequest())).when((ignored) -> !usingMetadata) + map.from(assertingParty::getEntityId).to(details::entityId); + map.from(assertingParty.getSinglesignon()::getBinding).to(details::singleSignOnServiceBinding); + map.from(assertingParty.getSinglesignon()::getUrl).to(details::singleSignOnServiceLocation); + 
map.from(assertingParty.getSinglesignon()::isSignRequest).when((signRequest) -> !usingMetadata) .to(details::wantAuthnRequestsSigned); }; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java index f6035b1e428..81d92c4bd03 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java @@ -62,15 +62,7 @@ class Saml2RelyingPartyAutoConfigurationTests { @Test void autoConfigurationShouldBeConditionalOnRelyingPartyRegistrationRepositoryClass() { - this.contextRunner.withPropertyValues(getPropertyValues(false)).withClassLoader(new FilteredClassLoader( - "org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository")) - .run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class)); - } - - @Test - @Deprecated - void autoConfigurationShouldBeConditionalOnRelyingPartyRegistrationRepositoryClassDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValues(true)).withClassLoader(new FilteredClassLoader( + this.contextRunner.withPropertyValues(getPropertyValues()).withClassLoader(new FilteredClassLoader( "org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository")) .run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class)); } 
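Review bot: The `when` predicate on the last mapping of `mapAssertingParty` names its argument `signRequest` but never reads it, which suggests the condition depends on the property value when it depends only on `usingMetadata`. The removed code called the argument `ignored`; I would keep that: `.when((ignored) -> !usingMetadata)`. This applies to the `Saml2RelyingPartyRegistrationConfiguration` hunk that ends on this line, not to the test-file hunk that follows it.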
@@ -79,16 +71,7 @@ class Saml2RelyingPartyAutoConfigurationTests { void autoConfigurationShouldBeConditionalOnServletWebApplication() { new ApplicationContextRunner() .withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class)) - .withPropertyValues(getPropertyValues(false)) - .run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class)); - } - - @Test - @Deprecated - void autoConfigurationShouldBeConditionalOnServletWebApplicationDeprecated() { - new ApplicationContextRunner() - .withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class)) - .withPropertyValues(getPropertyValues(true)) + .withPropertyValues(getPropertyValues()) .run((context) -> assertThat(context).doesNotHaveBean(RelyingPartyRegistrationRepository.class)); } 
@@ -100,31 +83,7 @@ class Saml2RelyingPartyAutoConfigurationTests { @Test void relyingPartyRegistrationRepositoryBeanShouldBeCreatedWhenPropertiesPresent() { - this.contextRunner.withPropertyValues(getPropertyValues(false)).run((context) -> { - RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class); - RelyingPartyRegistration registration = repository.findByRegistrationId("foo"); - - assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()) - .isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php"); - assertThat(registration.getAssertingPartyDetails().getEntityId()) - .isEqualTo("https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php"); - assertThat(registration.getAssertionConsumerServiceLocation()) - .isEqualTo("{baseUrl}/login/saml2/foo-entity-id"); - assertThat(registration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); - assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) - .isEqualTo(Saml2MessageBinding.POST); - assertThat(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()).isEqualTo(false); - assertThat(registration.getSigningX509Credentials()).hasSize(1); - assertThat(registration.getDecryptionX509Credentials()).hasSize(1); - assertThat(registration.getAssertingPartyDetails().getVerificationX509Credentials()).isNotNull(); - assertThat(registration.getEntityId()).isEqualTo("{baseUrl}/saml2/foo-entity-id"); - }); - } - - @Test - @Deprecated - void relyingPartyRegistrationRepositoryBeanShouldBeCreatedWhenPropertiesPresentDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValues(true)).run((context) -> { + this.contextRunner.withPropertyValues(getPropertyValues()).run((context) -> { RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class); RelyingPartyRegistration registration = 
repository.findByRegistrationId("foo"); @@ -147,18 +106,7 @@ class Saml2RelyingPartyAutoConfigurationTests { @Test void autoConfigurationWhenSignRequestsTrueAndNoSigningCredentialsShouldThrowException() { - this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(true, false)) - .run((context) -> { - assertThat(context).hasFailed(); - assertThat(context.getStartupFailure()).hasMessageContaining( - "Signing credentials must not be empty when authentication requests require signing."); - }); - } - - @Test - @Deprecated - void autoConfigurationWhenSignRequestsTrueAndNoSigningCredentialsShouldThrowExceptionDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(true, true)).run((context) -> { + this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(true)).run((context) -> { assertThat(context).hasFailed(); assertThat(context.getStartupFailure()).hasMessageContaining( "Signing credentials must not be empty when authentication requests require signing."); @@ -167,14 +115,7 @@ class Saml2RelyingPartyAutoConfigurationTests { @Test void autoConfigurationWhenSignRequestsFalseAndNoSigningCredentialsShouldNotThrowException() { - this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(false, false)) - .run((context) -> assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class)); - } - - @Test - @Deprecated - void autoConfigurationWhenSignRequestsFalseAndNoSigningCredentialsShouldNotThrowExceptionDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(false, true)) + this.contextRunner.withPropertyValues(getPropertyValuesWithoutSigningCredentials(false)) .run((context) -> assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class)); } 
@@ -192,21 +133,6 @@ class Saml2RelyingPartyAutoConfigurationTests { } } - @Test - @Deprecated - void autoconfigurationShouldQueryAssertingPartyMetadataWhenMetadataUrlIsPresentDeprecated() throws Exception { - try (MockWebServer server = new MockWebServer()) { - server.start(); - String metadataUrl = server.url("").toString(); - setupMockResponse(server, new ClassPathResource("saml/idp-metadata")); - this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl) - .run((context) -> { - assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class); - assertThat(server.getRequestCount()).isEqualTo(1); - }); - } - } - @Test void autoconfigurationShouldUseBindingFromMetadataUrlIfPresent() throws Exception { try (MockWebServer server = new MockWebServer()) { @@ -224,24 +150,6 @@ class Saml2RelyingPartyAutoConfigurationTests { } } - @Test - @Deprecated - void autoconfigurationShouldUseBindingFromMetadataUrlIfPresentDeprecated() throws Exception { - try (MockWebServer server = new MockWebServer()) { - server.start(); - String metadataUrl = server.url("").toString(); - setupMockResponse(server, new ClassPathResource("saml/idp-metadata")); - this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl) - .run((context) -> { - RelyingPartyRegistrationRepository repository = context - .getBean(RelyingPartyRegistrationRepository.class); - RelyingPartyRegistration registration = repository.findByRegistrationId("foo"); - assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) - .isEqualTo(Saml2MessageBinding.POST); - }); - } - } - @Test void autoconfigurationWhenMetadataUrlAndPropertyPresentShouldUseBindingFromProperty() throws Exception { try (MockWebServer server = new MockWebServer()) { 
@@ -259,38 +167,9 @@ class Saml2RelyingPartyAutoConfigurationTests { } } - @Test - @Deprecated - void autoconfigurationWhenMetadataUrlAndPropertyPresentShouldUseBindingFromPropertyDeprecated() throws Exception { - try (MockWebServer server = new MockWebServer()) { - server.start(); - String metadataUrl = server.url("").toString(); - setupMockResponse(server, new ClassPathResource("saml/idp-metadata")); - this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl, - PREFIX + ".foo.identityprovider.singlesignon.binding=redirect").run((context) -> { - RelyingPartyRegistrationRepository repository = context - .getBean(RelyingPartyRegistrationRepository.class); - RelyingPartyRegistration registration = repository.findByRegistrationId("foo"); - assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) - .isEqualTo(Saml2MessageBinding.REDIRECT); - }); - } - } - @Test void autoconfigurationWhenNoMetadataUrlOrPropertyPresentShouldUseRedirectBinding() { - this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding(false)).run((context) -> { - RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class); - RelyingPartyRegistration registration = repository.findByRegistrationId("foo"); - assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) - .isEqualTo(Saml2MessageBinding.REDIRECT); - }); - } - - @Test - @Deprecated - void autoconfigurationWhenNoMetadataUrlOrPropertyPresentShouldUseRedirectBindingDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding(true)).run((context) -> { + this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding()).run((context) -> { RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class); RelyingPartyRegistration registration = repository.findByRegistrationId("foo"); 
assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) @@ -300,17 +179,7 @@ class Saml2RelyingPartyAutoConfigurationTests { @Test void relyingPartyRegistrationRepositoryShouldBeConditionalOnMissingBean() { - this.contextRunner.withPropertyValues(getPropertyValues(false)) - .withUserConfiguration(RegistrationRepositoryConfiguration.class).run((context) -> { - assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class); - assertThat(context).hasBean("testRegistrationRepository"); - }); - } - - @Test - @Deprecated - void relyingPartyRegistrationRepositoryShouldBeConditionalOnMissingBeanDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValues(true)) + this.contextRunner.withPropertyValues(getPropertyValues()) .withUserConfiguration(RegistrationRepositoryConfiguration.class).run((context) -> { assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class); assertThat(context).hasBean("testRegistrationRepository"); 
@@ -319,102 +188,59 @@ class Saml2RelyingPartyAutoConfigurationTests { @Test void samlLoginShouldBeConfigured() { - this.contextRunner.withPropertyValues(getPropertyValues(false)) - .run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isTrue()); - } - - @Test - @Deprecated - void samlLoginShouldBeConfiguredDeprecated() { - this.contextRunner.withPropertyValues(getPropertyValues(true)) + this.contextRunner.withPropertyValues(getPropertyValues()) .run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isTrue()); } @Test void samlLoginShouldBackOffWhenAWebSecurityConfigurerAdapterIsDefined() { this.contextRunner.withUserConfiguration(WebSecurityConfigurerAdapterConfiguration.class) - .withPropertyValues(getPropertyValues(false)) - .run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse()); - } - - @Test - @Deprecated - void samlLoginShouldBackOffWhenAWebSecurityConfigurerAdapterIsDefinedDeprecated() { - this.contextRunner.withUserConfiguration(WebSecurityConfigurerAdapterConfiguration.class) - .withPropertyValues(getPropertyValues(true)) + .withPropertyValues(getPropertyValues()) .run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse()); } @Test void samlLoginShouldBackOffWhenASecurityFilterChainBeanIsPresent() { this.contextRunner.withUserConfiguration(TestSecurityFilterChainConfig.class) - .withPropertyValues(getPropertyValues(false)) - .run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse()); - } - - @Test - @Deprecated - void samlLoginShouldBackOffWhenASecurityFilterChainBeanIsPresentDeprecated() { - this.contextRunner.withUserConfiguration(TestSecurityFilterChainConfig.class) - .withPropertyValues(getPropertyValues(true)) + .withPropertyValues(getPropertyValues()) .run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse()); } @Test void 
samlLoginShouldShouldBeConditionalOnSecurityWebFilterClass() { this.contextRunner.withClassLoader(new FilteredClassLoader(SecurityFilterChain.class)) - .withPropertyValues(getPropertyValues(false)) + .withPropertyValues(getPropertyValues()) .run((context) -> assertThat(context).doesNotHaveBean(SecurityFilterChain.class)); } - @Test - @Deprecated - void samlLoginShouldShouldBeConditionalOnSecurityWebFilterClassDeprecated() { - this.contextRunner.withClassLoader(new FilteredClassLoader(SecurityFilterChain.class)) - .withPropertyValues(getPropertyValues(true)) - .run((context) -> assertThat(context).doesNotHaveBean(SecurityFilterChain.class)); + private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests) { + return new String[] { PREFIX + + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", + PREFIX + ".foo.asserting-party.singlesignon.binding=post", + PREFIX + ".foo.asserting-party.singlesignon.sign-request=" + signRequests, + PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", + PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" }; } - private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests, boolean useDeprecated) { - String assertingParty = useDeprecated ? "identityprovider" : "asserting-party"; - return new String[] { - PREFIX + ".foo." + assertingParty - + ".singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", - PREFIX + ".foo." + assertingParty + ".singlesignon.binding=post", - PREFIX + ".foo." + assertingParty + ".singlesignon.sign-request=" + signRequests, - PREFIX + ".foo." + assertingParty - + ".entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", - PREFIX + ".foo." 
+ assertingParty - + ".verification.credentials[0].certificate-location=classpath:saml/certificate-location" }; + private String[] getPropertyValuesWithoutSsoBinding() { + return new String[] { PREFIX + + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", + PREFIX + ".foo.asserting-party.singlesignon.sign-request=false", + PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", + PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" }; } - private String[] getPropertyValuesWithoutSsoBinding(boolean useDeprecated) { - String assertingParty = useDeprecated ? "identityprovider" : "asserting-party"; - return new String[] { - PREFIX + ".foo." + assertingParty - + ".singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", - PREFIX + ".foo." + assertingParty + ".singlesignon.sign-request=false", - PREFIX + ".foo." + assertingParty - + ".entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", - PREFIX + ".foo." + assertingParty - + ".verification.credentials[0].certificate-location=classpath:saml/certificate-location" }; - } - - private String[] getPropertyValues(boolean useDeprecated) { - String assertingParty = useDeprecated ? "identityprovider" : "asserting-party"; + private String[] getPropertyValues() { return new String[] { PREFIX + ".foo.signing.credentials[0].private-key-location=classpath:saml/private-key-location", PREFIX + ".foo.signing.credentials[0].certificate-location=classpath:saml/certificate-location", PREFIX + ".foo.decryption.credentials[0].private-key-location=classpath:saml/private-key-location", PREFIX + ".foo.decryption.credentials[0].certificate-location=classpath:saml/certificate-location", - PREFIX + ".foo." 
+ assertingParty - + ".singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", - PREFIX + ".foo." + assertingParty + ".singlesignon.binding=post", - PREFIX + ".foo." + assertingParty + ".singlesignon.sign-request=false", - PREFIX + ".foo." + assertingParty - + ".entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", - PREFIX + ".foo." + assertingParty - + ".verification.credentials[0].certificate-location=classpath:saml/certificate-location", + PREFIX + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", + PREFIX + ".foo.asserting-party.singlesignon.binding=post", + PREFIX + ".foo.asserting-party.singlesignon.sign-request=false", + PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", + PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location", PREFIX + ".foo.entity-id={baseUrl}/saml2/foo-entity-id", PREFIX + ".foo.acs.location={baseUrl}/login/saml2/foo-entity-id", PREFIX + ".foo.acs.binding=redirect" }; diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyPropertiesTests.java index e395e7d6391..9dd72654389 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyPropertiesTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyPropertiesTests.java 
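Review bot: No auto-configuration test in this class exercises the new `true` default of `sign-request`: `getPropertyValues` and `getPropertyValuesWithoutSsoBinding` pin it to `false`, and `getPropertyValuesWithoutSigningCredentials` always sets it explicitly. The only coverage of the default is the properties-level test added in `Saml2RelyingPartyPropertiesTests`, which does not go through `mapAssertingParty`. I would add a test that omits `sign-request`, keeps the signing credentials, and asserts that the resulting registration wants signed requests; the property values below are copied from the existing fixtures and the sketch is not run.

```java
@Test
void autoConfigurationWhenSignRequestNotSetShouldSignRequestsByDefault() {
	this.contextRunner.withPropertyValues(
			PREFIX + ".foo.signing.credentials[0].private-key-location=classpath:saml/private-key-location",
			PREFIX + ".foo.signing.credentials[0].certificate-location=classpath:saml/certificate-location",
			PREFIX + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
			PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
			PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location")
			.run((context) -> {
				RelyingPartyRegistration registration = context.getBean(RelyingPartyRegistrationRepository.class)
						.findByRegistrationId("foo");
				assertThat(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()).isTrue();
			});
}
```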
@@ -61,7 +61,7 @@ class Saml2RelyingPartyPropertiesTests { bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.sign-request", "false"); assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon() - .getSignRequest()).isEqualTo(false); + .isSignRequest()).isEqualTo(false); } @Test @@ -86,6 +86,13 @@ class Saml2RelyingPartyPropertiesTests { .isEqualTo("https://idp.example.org/metadata"); } + @Test + void customizeSsoSignRequestsIsTrueByDefault() { + this.properties.getRegistration().put("simplesamlphp", new Saml2RelyingPartyProperties.Registration()); + assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon() + .isSignRequest()).isEqualTo(true); + } + private void bind(String name, String value) { bind(Collections.singletonMap(name, value)); }
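Review bot: The test added in the `@@ -86,6 +86,13 @@` hunk is named `customizeSsoSignRequestsIsTrueByDefault` although it customizes nothing; it checks the field initializer on a freshly constructed `Registration`. A name such as `signRequestShouldDefaultToTrue` would say what is verified, unless the `customize` prefix is a convention of sibling tests outside the hunk. `.isTrue()` would also read better than `.isEqualTo(true)`, though the `@@ -61,7 +61,7 @@` hunk uses `isEqualTo(false)`, so that part is optional.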