Examples with Saml2WebSsoAuthenticationRequestFilter org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter used on opensource projects

Search in sources :

Example 1 with Saml2WebSsoAuthenticationRequestFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter in project spring-security by spring-projects.

the class Saml2LoginConfigurer method configure.

/**
 * {@inheritDoc}
 * <p>
 * During the {@code configure} phase, a
 * {@link Saml2WebSsoAuthenticationRequestFilter} is added to handle SAML 2.0
 * AuthNRequest redirects
 */
@Override
public void configure(B http) throws Exception {
    Saml2WebSsoAuthenticationRequestFilter filter = getAuthenticationRequestFilter(http);
    filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
    http.addFilter(postProcess(filter));
    super.configure(http);
    if (this.authenticationManager == null) {
        registerDefaultAuthenticationProvider(http);
    } else {
        this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
    }
}
Also used : Saml2WebSsoAuthenticationRequestFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter)

Example 2 with Saml2WebSsoAuthenticationRequestFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationRequestFilterTests method doFilterWhenPathStartsWithRegistrationIdThenPosts.

@Test
public void doFilterWhenPathStartsWithRegistrationIdThenPosts() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST)).build();
    RequestMatcher matcher = new AntPathRequestMatcher("/{registrationId}/saml2/authenticate");
    DefaultRelyingPartyRegistrationResolver delegate = new DefaultRelyingPartyRegistrationResolver(this.repository);
    RelyingPartyRegistrationResolver resolver = (request, id) -> {
        String registrationId = matcher.matcher(request).getVariables().get("registrationId");
        return delegate.resolve(request, registrationId);
    };
    Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver = new DefaultSaml2AuthenticationRequestContextResolver(resolver);
    Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
    given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
    given(authenticationRequest.getRelayState()).willReturn("relay");
    given(authenticationRequest.getSamlRequest()).willReturn("saml");
    given(this.repository.findByRegistrationId("registration-id")).willReturn(registration);
    given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
    this.filter = new Saml2WebSsoAuthenticationRequestFilter(authenticationRequestContextResolver, this.factory);
    this.filter.setRedirectMatcher(matcher);
    this.request.setPathInfo("/registration-id/saml2/authenticate");
    this.filter.doFilter(this.request, this.response, new MockFilterChain());
    verify(this.repository).findByRegistrationId("registration-id");
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2AuthenticationRequestRepository(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) MockFilterChain(org.springframework.mock.web.MockFilterChain) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Saml2AuthenticationRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) ServletException(jakarta.servlet.ServletException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) HtmlUtils(org.springframework.web.util.HtmlUtils) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) Saml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver) BDDMockito.given(org.mockito.BDDMockito.given) AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest) Saml2AuthenticationRequestContext(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext) Saml2PostAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) Saml2AuthenticationRequestFactory(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory) ServletRequest(jakarta.servlet.ServletRequest) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) IOException(java.io.IOException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) StandardCharsets(java.nio.charset.StandardCharsets) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) ServletResponse(jakarta.servlet.ServletResponse) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) UriUtils(org.springframework.web.util.UriUtils) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TestSaml2AuthenticationRequestContexts(org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Mockito.mock(org.mockito.Mockito.mock) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) Saml2PostAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) MockFilterChain(org.springframework.mock.web.MockFilterChain) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) Saml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver) Test(org.junit.jupiter.api.Test)

Example 3 with Saml2WebSsoAuthenticationRequestFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationRequestFilterTests method setup.

@BeforeEach
public void setup() {
    this.filter = new Saml2WebSsoAuthenticationRequestFilter(this.resolver, this.factory);
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();
    this.request.setPathInfo("/saml2/authenticate/registration-id");
    this.filterChain = new MockFilterChain() {

        @Override
        public void doFilter(ServletRequest request, ServletResponse response) {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    };
    this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id").providerDetails((c) -> c.entityId("idp-entity-id")).providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL)).assertionConsumerServiceUrlTemplate("template").credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()));
    this.filter.setAuthenticationRequestRepository(this.authenticationRequestRepository);
}
Also used : Saml2AuthenticationRequestRepository(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) MockFilterChain(org.springframework.mock.web.MockFilterChain) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Saml2AuthenticationRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) ServletException(jakarta.servlet.ServletException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) HtmlUtils(org.springframework.web.util.HtmlUtils) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) Saml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver) BDDMockito.given(org.mockito.BDDMockito.given) AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest) Saml2AuthenticationRequestContext(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext) Saml2PostAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) Saml2AuthenticationRequestFactory(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory) ServletRequest(jakarta.servlet.ServletRequest) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) IOException(java.io.IOException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) StandardCharsets(java.nio.charset.StandardCharsets) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) ServletResponse(jakarta.servlet.ServletResponse) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) UriUtils(org.springframework.web.util.UriUtils) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TestSaml2AuthenticationRequestContexts(org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Mockito.mock(org.mockito.Mockito.mock) ServletRequest(jakarta.servlet.ServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ServletResponse(jakarta.servlet.ServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 4 with Saml2WebSsoAuthenticationRequestFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter in project midpoint by Evolveum.

the class Saml2ModuleFactory method createModuleFilter.

@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    if (!(moduleType instanceof Saml2AuthenticationModuleType)) {
        LOGGER.error("This factory support only Saml2AuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    isSupportedChannel(authenticationChannel);
    SamlModuleWebSecurityConfiguration.setProtector(getProtector());
    SamlModuleWebSecurityConfiguration configuration = SamlModuleWebSecurityConfiguration.build((Saml2AuthenticationModuleType) moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
    configuration.setSequenceSuffix(sequenceSuffix);
    configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new Saml2Provider()));
    SamlModuleWebSecurityConfigurer<SamlModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new SamlModuleWebSecurityConfigurer<>(configuration));
    HttpSecurity http = getNewHttpSecurity(module);
    setSharedObjects(http, sharedObjects);
    ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, request);
    moduleAuthentication.setFocusType(moduleType.getFocusType());
    SecurityFilterChain filter = http.build();
    for (Filter f : filter.getFilters()) {
        if (f instanceof Saml2WebSsoAuthenticationRequestFilter) {
            ((Saml2WebSsoAuthenticationRequestFilter) f).setRedirectMatcher(new AntPathRequestMatcher(module.getPrefix() + RemoteModuleAuthenticationImpl.AUTHENTICATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID));
            break;
        }
    }
    return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Saml2ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) RemoteModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl) Saml2WebSsoAuthenticationRequestFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter) Saml2Provider(com.evolveum.midpoint.authentication.impl.provider.Saml2Provider) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Saml2WebSsoAuthenticationRequestFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter) Filter(javax.servlet.Filter) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) SamlModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.SamlModuleWebSecurityConfiguration)

Example 5 with Saml2WebSsoAuthenticationRequestFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationRequestFilterTests method doFilterWhenCustomAuthenticationRequestResolverThenUses.

@Test
public void doFilterWhenCustomAuthenticationRequestResolverThenUses() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build();
    Saml2RedirectAuthenticationRequest authenticationRequest = redirectAuthenticationRequest(registration).build();
    Saml2WebSsoAuthenticationRequestFilter filter = new Saml2WebSsoAuthenticationRequestFilter(this.authenticationRequestResolver);
    given(this.authenticationRequestResolver.resolve(any())).willReturn(authenticationRequest);
    filter.doFilterInternal(this.request, this.response, this.filterChain);
    verify(this.authenticationRequestResolver).resolve(any());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)3 Saml2RedirectAuthenticationRequest (org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest)3 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)3 AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)3 ServletException (jakarta.servlet.ServletException)2 ServletRequest (jakarta.servlet.ServletRequest)2 ServletResponse (jakarta.servlet.ServletResponse)2 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)2 IOException (java.io.IOException)2 StandardCharsets (java.nio.charset.StandardCharsets)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2 BeforeEach (org.junit.jupiter.api.BeforeEach)2 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)2 ArgumentMatchers.eq (org.mockito.ArgumentMatchers.eq)2 BDDMockito.given (org.mockito.BDDMockito.given)2 Mockito.mock (org.mockito.Mockito.mock)2 Mockito.verify (org.mockito.Mockito.verify)2 Mockito.verifyNoInteractions (org.mockito.Mockito.verifyNoInteractions)2 MockFilterChain (org.springframework.mock.web.MockFilterChain)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial