Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
github
/
spring-security
peilaus alkaen https://github.com/spring-projects/spring-security
2
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Selaa lähdekoodia

Merge branch '6.1.x' into 6.2.x

Closes gh-14958
Josh Cummings 1 vuosi sitten
vanhempi
664dfd9b45 d88f2e5133
commit
c97b2aa4e0
2 muutettua tiedostoa jossa 17 lisäystä ja 0 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 2 0
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
  2. 15 0
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java

+ 2 - 0
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
Näytä tiedosto 

@@ -57,6 +57,7 @@ import org.opensaml.saml.saml2.assertion.SubjectConfirmationValidator;
 
 import org.opensaml.saml.saml2.assertion.impl.AudienceRestrictionConditionValidator;
 
 import org.opensaml.saml.saml2.assertion.impl.BearerSubjectConfirmationValidator;
 
 import org.opensaml.saml.saml2.assertion.impl.DelegationRestrictionConditionValidator;
 
+import org.opensaml.saml.saml2.assertion.impl.ProxyRestrictionConditionValidator;
 
 import org.opensaml.saml.saml2.core.Assertion;
 
 import org.opensaml.saml.saml2.core.Attribute;
 
 import org.opensaml.saml.saml2.core.AttributeStatement;
 
@@ -834,6 +835,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 
 					return ValidationResult.VALID;
 
 				}
 
 			});
 
+			conditions.add(new ProxyRestrictionConditionValidator());
 
 			subjects.add(new BearerSubjectConfirmationValidator() {
 
 				@Override
 
 				protected ValidationResult validateAddress(SubjectConfirmation confirmation, Assertion assertion,

+ 15 - 0
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
Näytä tiedosto 

@@ -54,6 +54,7 @@ import org.opensaml.saml.saml2.core.EncryptedID;
 
 import org.opensaml.saml.saml2.core.Issuer;
 
 import org.opensaml.saml.saml2.core.NameID;
 
 import org.opensaml.saml.saml2.core.OneTimeUse;
 
+import org.opensaml.saml.saml2.core.ProxyRestriction;
 
 import org.opensaml.saml.saml2.core.Response;
 
 import org.opensaml.saml.saml2.core.Status;
 
 import org.opensaml.saml.saml2.core.StatusCode;
 
@@ -63,6 +64,7 @@ import org.opensaml.saml.saml2.core.impl.AttributeBuilder;
 
 import org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder;
 
 import org.opensaml.saml.saml2.core.impl.EncryptedIDBuilder;
 
 import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
 
+import org.opensaml.saml.saml2.core.impl.ProxyRestrictionBuilder;
 
 import org.opensaml.saml.saml2.core.impl.StatusBuilder;
 
 import org.opensaml.saml.saml2.core.impl.StatusCodeBuilder;
 
 import org.opensaml.xmlsec.encryption.impl.EncryptedDataBuilder;
 
@@ -832,6 +834,19 @@ public class OpenSaml4AuthenticationProviderTests {
 
 			.withMessageContaining("did not match any valid issuers");
 
 	}
 
 
+	// gh-14931
 
+	@Test
 
+	public void authenticateWhenAssertionHasProxyRestrictionThenParses() {
 
+		OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
 
+		Response response = response();
 
+		Assertion assertion = assertion();
 
+		ProxyRestriction condition = new ProxyRestrictionBuilder().buildObject();
 
+		assertion.getConditions().getConditions().add(condition);
 
+		response.getAssertions().add(assertion);
 
+		Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 
+		provider.authenticate(token);
 
+	}
 
+
 
 	private <T extends XMLObject> T build(QName qName) {
 
 		return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
 
 	}