root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Add relying party registration not found exception 

Fixes: gh-7865
This commit is contained in:
Eleftheria Stein 2020-02-04 09:58:54 +01:00
parent 3e07b35611
commit 5678490c1f
3 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -93,4 +93,9 @@ public interface Saml2ErrorCodes {
* authentication process.
*/
String INTERNAL_VALIDATION_ERROR = "internal_validation_error";
/**
* The relying party registration was not found.
* The registration ID did not correspond to any relying party registration.
*/
String RELYING_PARTY_REGISTRATION_NOT_FOUND = "relying_party_registration_not_found";
}

13
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilter.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,7 +19,9 @@ package org.springframework.security.saml2.provider.service.servlet.filter;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2Error;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@ -32,6 +34,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.springframework.security.saml2.provider.service.authentication.Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND;
import static org.springframework.util.StringUtils.hasText;
/**
@ -86,8 +89,14 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
byte[] b = Saml2Utils.decode(saml2Response);
String responseXml = inflateIfRequired(request, b);
String registrationId = this.matcher.matcher(request).getVariables().get("registrationId");
RelyingPartyRegistration rp =
this.relyingPartyRegistrationRepository.findByRegistrationId(this.matcher.matcher(request).getVariables().get("registrationId"));
this.relyingPartyRegistrationRepository.findByRegistrationId(registrationId);
if (rp == null) {
Saml2Error saml2Error = new Saml2Error(RELYING_PARTY_REGISTRATION_NOT_FOUND,
"Relying Party Registration not found with ID: " + registrationId);
throw new Saml2AuthenticationException(saml2Error);
}
String localSpEntityId = Saml2Utils.getServiceProviderEntityId(rp, request);
final Saml2AuthenticationToken authentication = new Saml2AuthenticationToken(
responseXml,

22
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationFilterTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -23,11 +23,15 @@ import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import javax.servlet.http.HttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.failBecauseExceptionWasNotThrown;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
public class Saml2WebSsoAuthenticationFilterTests {
@ -71,5 +75,21 @@ public class Saml2WebSsoAuthenticationFilterTests {
Assert.assertTrue(filter.requiresAuthentication(request, response));
}
@Test
public void attemptAuthenticationWhenRegistrationIdDoesNotExistThenThrowsException() {
when(repository.findByRegistrationId("non-existent-id")).thenReturn(null);
filter = new Saml2WebSsoAuthenticationFilter(repository, "/some/other/path/{registrationId}");
request.setPathInfo("/some/other/path/non-existent-id");
request.setParameter("SAMLResponse", "response");
try {
filter.attemptAuthentication(request, response);
failBecauseExceptionWasNotThrown(Saml2AuthenticationException.class);
} catch (Exception e) {
assertThat(e).isInstanceOf(Saml2AuthenticationException.class);
assertThat(e.getMessage()).isEqualTo("Relying Party Registration not found with ID: non-existent-id");
}
}
}