Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
github
/
spring-security
şunun yansıması https://github.com/spring-projects/spring-security
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Merge branch '6.4.x'

Josh Cummings 3 ay önce
ebeveyn
eda9142b6b 868342b3a9
işleme
9df3a57d9e
3 değiştirilmiş dosya ile 27 ekleme ve 2 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 9 2
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java
  2. 9 0
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
  3. 9 0
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java

+ 9 - 2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java
Dosyayı Görüntüle 

@@ -166,7 +166,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 
 			String inResponseTo = response.getInResponseTo();
 
 			result = result.concat(validateInResponseTo(token.getAuthenticationRequest(), inResponseTo));
 
 
-			String issuer = response.getIssuer().getValue();
 
+			String issuer = issuer(response);
 
 			String destination = response.getDestination();
 
 			String location = token.getRelyingPartyRegistration().getAssertionConsumerServiceLocation();
 
 			if (StringUtils.hasText(destination) && !destination.equals(location)) {
 
@@ -189,6 +189,13 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 
 		};
 
 	}
 
 
+	private static String issuer(Response response) {
 
+		if (response.getIssuer() == null) {
 
+			return null;
 
+		}
 
+		return response.getIssuer().getValue();
 
+	}
 
+
 
 	static List<String> getStatusCodes(Response response) {
 
 		if (response.getStatus() == null) {
 
 			return List.of(StatusCode.SUCCESS);
 
@@ -314,7 +321,7 @@ class BaseOpenSamlAuthenticationProvider implements AuthenticationProvider {
 
 	}
 
 
 	private void process(Saml2AuthenticationToken token, Response response) {
 
-		String issuer = response.getIssuer().getValue();
 
+		String issuer = issuer(response);
 
 		this.logger.debug(LogMessage.format("Processing SAML response from %s", issuer));
 
 		boolean responseSigned = response.isSigned();

+ 9 - 0
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
Dosyayı Görüntüle 

@@ -889,6 +889,15 @@ public class OpenSaml4AuthenticationProviderTests {
 
 		provider.authenticate(token);
 
 	}
 
 
+	// gh-16989
 
+	@Test
 
+	public void authenticateWhenNullIssuerThenNoNullPointer() {
 
+		OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
 
+		Response response = TestOpenSamlObjects.signedResponseWithOneAssertion((r) -> r.setIssuer(null));
 
+		Saml2AuthenticationToken token = token(response, verifying(registration()));
 
+		assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> provider.authenticate(token));
 
+	}
 
+
 
 	private <T extends XMLObject> T build(QName qName) {
 
 		return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
 
 	}

+ 9 - 0
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
Dosyayı Görüntüle 

@@ -975,6 +975,15 @@ public class OpenSaml5AuthenticationProviderTests {
 
 		provider.authenticate(token);
 
 	}
 
 
+	// gh-16989
 
+	@Test
 
+	public void authenticateWhenNullIssuerThenNoNullPointer() {
 
+		OpenSaml5AuthenticationProvider provider = new OpenSaml5AuthenticationProvider();
 
+		Response response = TestOpenSamlObjects.signedResponseWithOneAssertion((r) -> r.setIssuer(null));
 
+		Saml2AuthenticationToken token = token(response, verifying(registration()));
 
+		assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> provider.authenticate(token));
 
+	}
 
+
 
 	private <T extends XMLObject> T build(QName qName) {
 
 		return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
 
 	}