Examples with Saml2LogoutRequestValidatorParameters org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters used on opensource projects

Search in sources :

Example 1 with Saml2LogoutRequestValidatorParameters

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.

the class Saml2LogoutRequestFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    if (!this.logoutRequestMatcher.matches(request)) {
        chain.doFilter(request, response);
        return;
    }
    if (request.getParameter(Saml2ParameterNames.SAML_REQUEST) == null) {
        chain.doFilter(request, response);
        return;
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, getRegistrationId(authentication));
    if (registration == null) {
        this.logger.trace("Did not process logout request since failed to find associated RelyingPartyRegistration");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    if (registration.getSingleLogoutServiceLocation() == null) {
        this.logger.trace("Did not process logout request since RelyingPartyRegistration has not been configured with a logout request endpoint");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (!isCorrectBinding(request, registration)) {
        this.logger.trace("Did not process logout request since used incorrect binding");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    String serialized = request.getParameter(Saml2ParameterNames.SAML_REQUEST);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest(serialized).relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE)).binding(registration.getSingleLogoutServiceBinding()).location(registration.getSingleLogoutServiceLocation()).parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG, request.getParameter(Saml2ParameterNames.SIG_ALG))).parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE, request.getParameter(Saml2ParameterNames.SIGNATURE))).build();
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(logoutRequest, registration, authentication);
    Saml2LogoutValidatorResult result = this.logoutRequestValidator.validate(parameters);
    if (result.hasErrors()) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, result.getErrors().iterator().next().toString());
        this.logger.debug(LogMessage.format("Failed to validate LogoutRequest: %s", result.getErrors()));
        return;
    }
    this.handler.logout(request, response, authentication);
    Saml2LogoutResponse logoutResponse = this.logoutResponseResolver.resolve(request, authentication);
    if (logoutResponse == null) {
        this.logger.trace("Returning 401 since no logout response generated");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (logoutResponse.getBinding() == Saml2MessageBinding.REDIRECT) {
        doRedirect(request, response, logoutResponse);
    } else {
        doPost(response, logoutResponse);
    }
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) DefaultRedirectStrategy(org.springframework.security.web.DefaultRedirectStrategy) OncePerRequestFilter(org.springframework.web.filter.OncePerRequestFilter) ServletException(jakarta.servlet.ServletException) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) Function(java.util.function.Function) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) RedirectStrategy(org.springframework.security.web.RedirectStrategy) HtmlUtils(org.springframework.web.util.HtmlUtils) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogMessage(org.springframework.core.log.LogMessage) Saml2LogoutRequestValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator) CompositeLogoutHandler(org.springframework.security.web.authentication.logout.CompositeLogoutHandler) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) MediaType(org.springframework.http.MediaType) FilterChain(jakarta.servlet.FilterChain) IOException(java.io.IOException) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) StandardCharsets(java.nio.charset.StandardCharsets) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) UriUtils(org.springframework.web.util.UriUtils) Log(org.apache.commons.logging.Log) Saml2LogoutRequestValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Assert(org.springframework.util.Assert) StringUtils(org.springframework.util.StringUtils) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) Saml2LogoutRequestValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)

Example 2 with Saml2LogoutRequestValidatorParameters

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenNameIdIsEncryptedIdPostThenValidates.

@Test
public void handleWhenNameIdIsEncryptedIdPostThenValidates() {
    RelyingPartyRegistration registration = decrypting(encrypting(registration())).build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequestNameIdInEncryptedId(registration);
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).withFailMessage(() -> result.getErrors().toString()).isFalse();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 3 with Saml2LogoutRequestValidatorParameters

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenMismatchedDestinationThenInvalidDestinationError.

@Test
public void handleWhenMismatchedDestinationThenInvalidDestinationError() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    logoutRequest.setDestination("wrong");
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_DESTINATION);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 4 with Saml2LogoutRequestValidatorParameters

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenMissingUserThenSubjectNotFoundError.

@Test
public void handleWhenMissingUserThenSubjectNotFoundError() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    logoutRequest.setNameID(null);
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.SUBJECT_NOT_FOUND);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 5 with Saml2LogoutRequestValidatorParameters

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenPostBindingThenValidates.

@Test
public void handleWhenPostBindingThenValidates() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isFalse();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Aggregations

RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)9 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)8 Test (org.junit.jupiter.api.Test)7 Authentication (org.springframework.security.core.Authentication)3 StandardCharsets (java.nio.charset.StandardCharsets)2 Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)2 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)2 FilterChain (jakarta.servlet.FilterChain)1 ServletException (jakarta.servlet.ServletException)1 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)1 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)1 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 Function (java.util.function.Function)1 Log (org.apache.commons.logging.Log)1 LogFactory (org.apache.commons.logging.LogFactory)1 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)1 XMLObject (org.opensaml.core.xml.XMLObject)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial