
Use Saml2Error Static Factories

Josh Cummings 2 月之前
当前提交
32c7e8a6ee

+ 5 - 10
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java

@@ -302,7 +302,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 			throw ex;
 		}
 		catch (Exception ex) {
-			throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
+			throw new Saml2AuthenticationException(Saml2Error.internalValidationError(ex.getMessage()), ex);
 		}
 	}
 
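Review bot: The description handed to `Saml2Error.internalValidationError(...)` is still the raw `ex.getMessage()` of whatever the validation code threw, so parser or library internals can end up in a `Saml2Error` that a failure handler may render or store. The same pattern recurs in the `malformedResponseData` hunk, both `decryptionError` hunks and the `invalidResponse` hunks in the token converters. For decryption in particular, a fixed description such as `Saml2Error.decryptionError("Failed to decrypt")`, with the detail left on the cause and in server logs, stops clients from telling failure causes apart. Whether the description actually reaches the client depends on the configured failure handler, and whether the factories accept a null `ex.getMessage()` depends on `Saml2Error`; neither is visible in this diff. The enclosing method starts above the hunk.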
@@ -316,7 +316,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 			return this.saml.deserialize(response);
 		}
 		catch (Exception ex) {
-			throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
+			throw new Saml2AuthenticationException(Saml2Error.malformedResponseData(ex.getMessage()), ex);
 		}
 	}
 
@@ -375,7 +375,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 					.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]");
 			}
 			Saml2Error first = errors.iterator().next();
-			throw createAuthenticationException(first.getErrorCode(), first.getDescription(), null);
+			throw new Saml2AuthenticationException(first);
 		}
 		else {
 			if (this.logger.isDebugEnabled()) {
@@ -408,7 +408,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 				this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(response);
 			}
 			catch (Exception ex) {
-				throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+				throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);
 			}
 		};
 	}
@@ -437,7 +437,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 				this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(assertion);
 			}
 			catch (Exception ex) {
-				throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+				throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);
 			}
 		};
 	}
@@ -503,11 +503,6 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 		return xmlObject;
 	}
 
-	private static Saml2AuthenticationException createAuthenticationException(String code, String message,
-			Exception cause) {
-		return new Saml2AuthenticationException(new Saml2Error(code, message), cause);
-	}
-
 	private static Converter<AssertionToken, Saml2ResponseValidatorResult> createAssertionValidator(String errorCode,
 			Converter<AssertionToken, SAML20AssertionValidator> validatorConverter,
 			Converter<AssertionToken, ValidationContext> contextConverter) {

+ 1 - 3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java

@@ -22,7 +22,6 @@ import org.opensaml.saml.saml2.core.Response;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -182,8 +181,7 @@ final class BaseOpenSamlAuthenticationTokenConverter implements AuthenticationCo
 				.decode();
 		}
 		catch (Exception ex) {
-			throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
-					ex);
+			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 		}
 	}
 

+ 3 - 4
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java

@@ -20,7 +20,6 @@ import jakarta.servlet.http.HttpServletRequest;
 
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -107,12 +106,12 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 		if (!this.shouldConvertGetRequests && isGet) {
 			return null;
 		}
+		Saml2Utils.DecodingConfigurer decoding = Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet);
 		try {
-			return Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet).decode();
+			return decoding.decode();
 		}
 		catch (Exception ex) {
-			throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
-					ex);
+			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 		}
 	}
 
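Review bot: Building `decoding` before the `try` means anything thrown by `Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet)` now propagates unwrapped instead of becoming a `Saml2AuthenticationException`, so it would skip the failure path that the `catch` feeds. The visible lines of the BaseOpenSamlAuthenticationTokenConverter and OpenSamlAuthenticationTokenConverter hunks still end their chain with `.decode();` inside the `try`, so this converter now differs from them. If the configurer methods cannot throw the move is harmless, but that is not visible here. Otherwise keep `return Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet).decode();` inside the `try`, or add a comment such as `// builder calls only record options and never throw`. The method starts above the hunk.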

+ 1 - 3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java

@@ -23,7 +23,6 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -145,8 +144,7 @@ final class BaseOpenSamlLogoutRequestValidatorParametersResolver
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		if (registration == null) {
 			throw new Saml2AuthenticationException(
-					new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
-					"registration not found");
+					Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 		}
 		return logoutRequestByRegistration(request, registration, authentication);
 	}
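Review bot: Dropping the second constructor argument means the exception message is no longer set explicitly at this throw site; it now relies on `Saml2AuthenticationException(Saml2Error)` deriving its message from the error description, which this diff does not show. The same change is made in Saml2LogoutRequestFilter and OpenSamlLogoutRequestValidatorParametersResolver. Since logout failure handling and log searches may key on `getMessage()`, a test asserting that `ex.getMessage()` is still `"registration not found"` would pin the behaviour. The method starts above the hunk.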

+ 1 - 3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java

@@ -31,7 +31,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -268,8 +267,7 @@ public final class Saml2LogoutRequestFilter extends OncePerRequestFilter {
 					registrationId);
 			if (registration == null) {
 				throw new Saml2AuthenticationException(
-						new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
-						"registration not found");
+						Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 			}
 			UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
 			String entityId = uriResolver.resolve(registration.getEntityId());

+ 1 - 3
saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java

@@ -24,7 +24,6 @@ import org.opensaml.saml.saml2.core.Response;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -197,8 +196,7 @@ public final class OpenSamlAuthenticationTokenConverter implements Authenticatio
 				.decode();
 		}
 		catch (Exception ex) {
-			throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
-					ex);
+			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 		}
 	}
 

+ 1 - 3
saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java

@@ -27,7 +27,6 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -159,8 +158,7 @@ public final class OpenSamlLogoutRequestValidatorParametersResolver
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		if (registration == null) {
 			throw new Saml2AuthenticationException(
-					new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
-					"registration not found");
+					Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 		}
 		return logoutRequestByRegistration(request, registration, authentication);
 	}

+ 2 - 2
saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java

@@ -935,8 +935,8 @@ public final class OpenSaml5AuthenticationProvider implements AuthenticationProv
 
 		private static String authenticatedPrincipal(Assertion assertion) {
 			if (!BaseOpenSamlAuthenticationProvider.hasName(assertion)) {
-				throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
-						"Assertion [" + assertion.getID() + "] is missing a subject"));
+				throw new Saml2AuthenticationException(
+						Saml2Error.subjectNotFound("Assertion [" + assertion.getID() + "] is missing a subject"));
 			}
 			return assertion.getSubject().getNameID().getValue();
 		}