Search in sources :

Example 16 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class Saml2LogoutResponseFilterTests method doFilterWhenSamlResponsePostThenLogout.

@Test
public void doFilterWhenSamlResponsePostThenLogout() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout/saml2/slo");
    request.setServletPath("/logout/saml2/slo");
    request.setParameter(Saml2ParameterNames.SAML_RESPONSE, "response");
    MockHttpServletResponse response = new MockHttpServletResponse();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    given(this.relyingPartyRegistrationResolver.resolve(request, "registration-id")).willReturn(registration);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    given(this.logoutRequestRepository.removeLogoutRequest(request, response)).willReturn(logoutRequest);
    given(this.logoutResponseValidator.validate(any())).willReturn(Saml2LogoutValidatorResult.success());
    this.logoutResponseProcessingFilter.doFilterInternal(request, response, new MockFilterChain());
    verify(this.logoutResponseValidator).validate(any());
    verify(this.logoutSuccessHandler).onLogoutSuccess(any(), any(), any());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 17 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests method onLogoutSuccessWhenRedirectThenRedirectsToAssertingParty.

@Test
public void onLogoutSuccessWhenRedirectThenRedirectsToAssertingParty() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    Authentication authentication = authentication(registration);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/saml2/logout");
    request.setServletPath("/saml2/logout");
    MockHttpServletResponse response = new MockHttpServletResponse();
    given(this.logoutRequestResolver.resolve(any(), any())).willReturn(logoutRequest);
    this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
    String content = response.getHeader("Location");
    assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
    assertThat(content).startsWith(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 18 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests method onLogoutSuccessWhenPostThenPostsToAssertingParty.

@Test
public void onLogoutSuccessWhenPostThenPostsToAssertingParty() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    Authentication authentication = authentication(registration);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/saml2/logout");
    request.setServletPath("/saml2/logout");
    MockHttpServletResponse response = new MockHttpServletResponse();
    given(this.logoutRequestResolver.resolve(any(), any())).willReturn(logoutRequest);
    this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
    String content = response.getContentAsString();
    assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
    assertThat(content).contains(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArrayList(java.util.ArrayList) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Test(org.junit.jupiter.api.Test) AfterEach(org.junit.jupiter.api.AfterEach) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) BDDMockito.given(org.mockito.BDDMockito.given) BDDMockito.mock(org.mockito.BDDMockito.mock) Authentication(org.springframework.security.core.Authentication) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 19 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class HttpSessionLogoutRequestRepositoryTests method saveLogoutRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException.

@Test
public void saveLogoutRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() {
    Saml2LogoutRequest logoutRequest = createLogoutRequest().build();
    assertThatIllegalArgumentException().isThrownBy(() -> this.logoutRequestRepository.saveLogoutRequest(logoutRequest, null, new MockHttpServletResponse()));
}
Also used : Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 20 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class HttpSessionLogoutRequestRepositoryTests method saveLogoutRequestWhenStateNullThenThrowIllegalArgumentException.

@Test
public void saveLogoutRequestWhenStateNullThenThrowIllegalArgumentException() {
    Saml2LogoutRequest logoutRequest = createLogoutRequest().relayState(null).build();
    assertThatIllegalArgumentException().isThrownBy(() -> this.logoutRequestRepository.saveLogoutRequest(logoutRequest, new MockHttpServletRequest(), new MockHttpServletResponse()));
}
Also used : Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)40 Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)34 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)31 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)27 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)22 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)15 Authentication (org.springframework.security.core.Authentication)12 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)12 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10 Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)10 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)10 StandardCharsets (java.nio.charset.StandardCharsets)9 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)8 BDDMockito.given (org.mockito.BDDMockito.given)8 Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)7 DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)7 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)6 AfterEach (org.junit.jupiter.api.AfterEach)5 BeforeEach (org.junit.jupiter.api.BeforeEach)5