Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch '6.0.x' into 6.1.x

Closes gh-13655
Josh Cummings 2 years ago
parent
35d879191c ca0140c586
commit
d2d1f19133
2 changed files with 42 additions and 5 deletions
Split View Show Diff Stats
  1. 8 5
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
  2. 34 0
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java

+ 8 - 5
config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
View File 

@@ -268,6 +268,9 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 			}
 
 		}
 
 		this.initDefaultLoginFilter(http);
 
+		if (this.authenticationManager == null) {
 
+			registerDefaultAuthenticationProvider(http);
 
+		}
 
 	}
 
 
 	/**
 
@@ -283,10 +286,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 		filter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
 
 		http.addFilter(postProcess(filter));
 
 		super.configure(http);
 
-		if (this.authenticationManager == null) {
 
-			registerDefaultAuthenticationProvider(http);
 
-		}
 
-		else {
 
+		if (this.authenticationManager != null) {
 
 			this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
 
 		}
 
 	}
 
@@ -359,7 +359,10 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 
 	}
 
 
 	private void registerDefaultAuthenticationProvider(B http) {
 
-		http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
 
+		OpenSaml4AuthenticationProvider provider = getBeanOrNull(http, OpenSaml4AuthenticationProvider.class);
 
+		if (provider == null) {
 
+			http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
 
+		}
 
 	}
 
 
 	private void registerDefaultCsrfOverride(B http) {

+ 34 - 0
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
View File 

@@ -42,6 +42,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import org.springframework.mock.web.MockHttpSession;
 
 import org.springframework.security.authentication.AuthenticationManager;
 
+import org.springframework.security.authentication.AuthenticationProvider;
 
 import org.springframework.security.authentication.AuthenticationServiceException;
 
 import org.springframework.security.config.Customizer;
 
 import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
 
@@ -59,6 +60,7 @@ import org.springframework.security.saml2.core.Saml2ErrorCodes;
 
 import org.springframework.security.saml2.core.Saml2Utils;
 
 import org.springframework.security.saml2.core.TestSaml2X509Credentials;
 
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 
+import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
 
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
 
@@ -353,6 +355,15 @@ public class Saml2LoginConfigurerTests {
 
 				.andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id"));
 
 	}
 
 
+	@Test
 
+	public void saml2LoginWhenCustomAuthenticationProviderThenUses() throws Exception {
 
+		this.spring.register(CustomAuthenticationProviderConfig.class).autowire();
 
+		AuthenticationProvider provider = this.spring.getContext().getBean(AuthenticationProvider.class);
 
+		this.mvc.perform(post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE))
 
+				.andExpect(status().isFound());
 
+		verify(provider).authenticate(any());
 
+	}
 
+
 
 	private void performSaml2Login(String expected) throws IOException, ServletException {
 
 		// setup authentication parameters
 
 		this.request.setRequestURI("/login/saml2/sso/registration-id");
 
@@ -663,6 +674,29 @@ public class Saml2LoginConfigurerTests {
 
 
 	}
 
 
+	@Configuration
 
+	@EnableWebSecurity
 
+	@EnableWebMvc
 
+	@Import(Saml2LoginConfigBeans.class)
 
+	static class CustomAuthenticationProviderConfig {
 
+
 
+		private final OpenSaml4AuthenticationProvider provider = spy(new OpenSaml4AuthenticationProvider());
 
+
 
+		@Bean
 
+		SecurityFilterChain web(HttpSecurity http) throws Exception {
 
+			http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 
+					.saml2Login(Customizer.withDefaults());
 
+
 
+			return http.build();
 
+		}
 
+
 
+		@Bean
 
+		AuthenticationProvider provider() {
 
+			return this.provider;
 
+		}
 
+
 
+	}
 
+
 
 	static class Saml2LoginConfigBeans {
 
 
 		@Bean