Examples with POST org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST used on opensource projects

Search in sources :

Example 1 with POST

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST in project spring-security by spring-projects.

the class Saml2LoginConfigurerTests method authenticateWhenCustomLoginProcessingUrlAndCustomAuthenticationConverterThenAuthenticate.

@Test
public void authenticateWhenCustomLoginProcessingUrlAndCustomAuthenticationConverterThenAuthenticate() throws Exception {
    this.spring.register(CustomLoginProcessingUrlCustomAuthenticationConverter.class).autowire();
    RelyingPartyRegistration relyingPartyRegistration = this.repository.findByRegistrationId("registration-id");
    String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE));
    given(AUTHENTICATION_CONVERTER.convert(any(HttpServletRequest.class))).willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
    // @formatter:off
    MockHttpServletRequestBuilder request = post("/my/custom/url").param("SAMLResponse", SIGNED_RESPONSE);
    // @formatter:on
    this.mvc.perform(request).andExpect(redirectedUrl("/"));
    verify(AUTHENTICATION_CONVERTER).convert(any(HttpServletRequest.class));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 2 with POST

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST in project spring-security by spring-projects.

the class Saml2LoginConfigurerTests method authenticateWhenCustomLoginProcessingUrlAndSaml2AuthenticationTokenConverterBeanThenAuthenticate.

@Test
public void authenticateWhenCustomLoginProcessingUrlAndSaml2AuthenticationTokenConverterBeanThenAuthenticate() throws Exception {
    this.spring.register(CustomLoginProcessingUrlSaml2AuthenticationTokenConverterBean.class).autowire();
    Saml2AuthenticationTokenConverter authenticationConverter = this.spring.getContext().getBean(Saml2AuthenticationTokenConverter.class);
    RelyingPartyRegistration relyingPartyRegistration = this.repository.findByRegistrationId("registration-id");
    String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE));
    given(authenticationConverter.convert(any(HttpServletRequest.class))).willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
    // @formatter:off
    MockHttpServletRequestBuilder request = post("/my/custom/url").param("SAMLResponse", SIGNED_RESPONSE);
    // @formatter:on
    this.mvc.perform(request).andExpect(redirectedUrl("/"));
    verify(authenticationConverter).convert(any(HttpServletRequest.class));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) Saml2AuthenticationTokenConverter(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 3 with POST

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method setup.

@BeforeEach
public void setup() {
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    principal.setRelyingPartyRegistrationId("registration-id");
    this.user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
    this.request = new MockHttpServletRequest("POST", "");
    this.request.setServletPath("/login/saml2/sso/test-rp");
    this.response = new MockHttpServletResponse();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 4 with POST

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method saml2LogoutResponseWhenInvalidSamlResponseThen401.

@Test
public void saml2LogoutResponseWhenInvalidSamlResponseThen401() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id");
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState).parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build();
    this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response);
    String deflatedApLogoutResponse = Saml2Utils.samlEncode(Saml2Utils.samlInflate(Saml2Utils.samlDecode(this.apLogoutResponse)).getBytes(StandardCharsets.UTF_8));
    this.mvc.perform(post("/logout/saml2/slo").session((MockHttpSession) this.request.getSession()).param("SAMLResponse", deflatedApLogoutResponse).param("RelayState", this.rpLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg).param("Signature", this.apLogoutResponseSignature).with(samlQueryString())).andExpect(status().reason(containsString("invalid_signature"))).andExpect(status().isUnauthorized());
    verifyNoInteractions(getBean(LogoutHandler.class));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Autowired(org.springframework.beans.factory.annotation.Autowired) ObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2LogoutRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequestFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter) Matcher(java.util.regex.Matcher) BDDMockito.verify(org.mockito.BDDMockito.verify) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) SecurityMockMvcRequestPostProcessors.authentication(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication) BDDMockito.given(org.mockito.BDDMockito.given) Map(java.util.Map) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) Saml2LogoutRequestValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) BDDMockito.verifyNoInteractions(org.mockito.BDDMockito.verifyNoInteractions) MockMvcRequestBuilders.put(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Saml2LogoutResponseResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver) Collection(java.util.Collection) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) MockMvcResultMatchers.redirectedUrl(org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) LogoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Pattern(java.util.regex.Pattern) SecurityMockMvcRequestPostProcessors.csrf(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf) Saml2LogoutResponseFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) HttpSessionLogoutRequestRepository(org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) RelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository) InMemoryRelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository) Mockito.spy(org.mockito.Mockito.spy) Function(java.util.function.Function) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects) MockMvc(org.springframework.test.web.servlet.MockMvc) MockMvcRequestBuilders.delete(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete) Saml2LogoutResponseValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator) MockMvcResultMatchers.status(org.springframework.test.web.servlet.result.MockMvcResultMatchers.status) MockMvcRequestBuilders.post(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post) MvcResult(org.springframework.test.web.servlet.MvcResult) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) Saml2Utils(org.springframework.security.saml2.core.Saml2Utils) Import(org.springframework.context.annotation.Import) TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials) Saml2LogoutRequestRepository(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Consumer(java.util.function.Consumer) AfterEach(org.junit.jupiter.api.AfterEach) RequestPostProcessor(org.springframework.test.web.servlet.request.RequestPostProcessor) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) SpringTestContext(org.springframework.security.config.test.SpringTestContext) MockMvcRequestBuilders.get(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) UriUtils(org.springframework.web.util.UriUtils) Bean(org.springframework.context.annotation.Bean) BDDMockito.mock(org.mockito.BDDMockito.mock) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Collections(java.util.Collections) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Matchers.containsString(org.hamcrest.Matchers.containsString) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Test(org.junit.jupiter.api.Test)

Example 5 with POST

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST in project spring-security by spring-projects.

the class Saml2LoginBeanDefinitionParserTests method authenticateWhenCustomAuthenticationManagerThenUses.

@Test
public void authenticateWhenCustomAuthenticationManagerThenUses() throws Exception {
    this.spring.configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthenticationManager")).autowire();
    RelyingPartyRegistration relyingPartyRegistration = relyingPartyRegistrationWithVerifyingCredential();
    AuthenticationManager authenticationManager = this.applicationContext.getBean("customAuthenticationManager", AuthenticationManager.class);
    String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE));
    given(authenticationManager.authenticate(any())).willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
    // @formatter:off
    MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()).param("SAMLResponse", SIGNED_RESPONSE);
    // @formatter:on
    this.mvc.perform(request).andExpect(status().is3xxRedirection()).andExpect(redirectedUrl("/"));
    verify(authenticationManager).authenticate(any());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)41 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)36 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)21 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)17 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)12 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)11 Authentication (org.springframework.security.core.Authentication)11 Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)11 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10 Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)10 BeforeEach (org.junit.jupiter.api.BeforeEach)9 DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)9 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)9 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)8 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)8 BDDMockito.given (org.mockito.BDDMockito.given)8 Saml2LogoutResponse (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)8 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7 Saml2AuthenticationToken (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)7 Saml2LogoutRequestValidator (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial