Merge branch '2.7.x'
commit
85a4c94dea
@ -136,10 +136,10 @@ class ManagementWebSecurityAutoConfigurationTests {
|
||||
void backOffIfSaml2RelyingPartyAutoConfigurationPresent() {
|
||||
this.contextRunner.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class))
|
||||
.withPropertyValues(
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.url=https://simplesaml-for-spring-saml/SSOService.php",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.sign-request=false",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location")
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.url=https://simplesaml-for-spring-saml/SSOService.php",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.sign-request=false",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
"spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location")
|
||||
.run((context) -> assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class)
|
||||
.doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN));
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ public class Saml2RelyingPartyProperties {
|
||||
/**
|
||||
* Remote SAML Identity Provider.
|
||||
*/
|
||||
private final AssertingParty assertingParty = new AssertingParty();
|
||||
private final AssertingParty assertingparty = new AssertingParty();
|
||||
|
||||
public String getEntityId() {
|
||||
return this.entityId;
|
||||
@ -90,8 +90,8 @@ public class Saml2RelyingPartyProperties {
|
||||
return this.decryption;
|
||||
}
|
||||
|
||||
public AssertingParty getAssertingParty() {
|
||||
return this.assertingParty;
|
||||
public AssertingParty getAssertingparty() {
|
||||
return this.assertingparty;
|
||||
}
|
||||
|
||||
public static class Acs {
|
||||
|
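Review bot: The accessor in the second hunk, `getAssertingparty()` returning `this.assertingparty`, has no Javadoc, and nothing in the commit pins how a configuration that still spells the key `asserting-party` is treated (the +/- markers are lost on this page; the second line of each printed pair reads as the new side). The `single-sign-on` keys that bind to `getSinglesignon()` in Saml2RelyingPartyPropertiesTests suggest the binder ignores dashes, so the old spelling probably still binds, but that is inferred rather than tested. Because this object carries the identity provider's verification credentials and metadata URI, I would add a test that binds `...asserting-party.metadata-uri` and asserts the same getter result, and document the getter with `/** Returns the asserting party (identity provider) settings bound from the {@code assertingparty} key. */`. Both hunks show only part of the class.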
@ -73,19 +73,19 @@ class Saml2RelyingPartyRegistrationConfiguration {
|
||||
}
|
||||
|
||||
private RelyingPartyRegistration asRegistration(String id, Registration properties) {
|
||||
boolean usingMetadata = StringUtils.hasText(properties.getAssertingParty().getMetadataUri());
|
||||
boolean usingMetadata = StringUtils.hasText(properties.getAssertingparty().getMetadataUri());
|
||||
Builder builder = (usingMetadata) ? RelyingPartyRegistrations
|
||||
.fromMetadataLocation(properties.getAssertingParty().getMetadataUri()).registrationId(id)
|
||||
.fromMetadataLocation(properties.getAssertingparty().getMetadataUri()).registrationId(id)
|
||||
: RelyingPartyRegistration.withRegistrationId(id);
|
||||
builder.assertionConsumerServiceLocation(properties.getAcs().getLocation());
|
||||
builder.assertionConsumerServiceBinding(properties.getAcs().getBinding());
|
||||
builder.assertingPartyDetails(mapAssertingParty(properties.getAssertingParty(), usingMetadata));
|
||||
builder.assertingPartyDetails(mapAssertingParty(properties.getAssertingparty(), usingMetadata));
|
||||
builder.signingX509Credentials((credentials) -> properties.getSigning().getCredentials().stream()
|
||||
.map(this::asSigningCredential).forEach(credentials::add));
|
||||
builder.decryptionX509Credentials((credentials) -> properties.getDecryption().getCredentials().stream()
|
||||
.map(this::asDecryptionCredential).forEach(credentials::add));
|
||||
builder.assertingPartyDetails((details) -> details
|
||||
.verificationX509Credentials((credentials) -> properties.getAssertingParty().getVerification()
|
||||
.verificationX509Credentials((credentials) -> properties.getAssertingparty().getVerification()
|
||||
.getCredentials().stream().map(this::asVerificationCredential).forEach(credentials::add)));
|
||||
builder.entityId(properties.getEntityId());
|
||||
RelyingPartyRegistration registration = builder.build();
|
||||
|
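Review bot: In `asRegistration`, the value of `getMetadataUri()` goes straight into `RelyingPartyRegistrations.fromMetadataLocation(...)`, and the visible lines place no constraint on its scheme. That document presumably supplies the asserting party's details, so a location fetched over plain `http` could let the trusted identity-provider data be altered in transit; whether the library call guards against this is not visible here. I would record the expectation above the `usingMetadata` line, `// metadata-uri is the trust source for the asserting party: expect https:// or a local (classpath:/file:) resource`, and consider logging a warning for other schemes. `assertingPartyDetails` is also invoked twice, so the verification credentials from properties appear to be added on top of whatever `mapAssertingParty` set; a one-line comment confirming that is intended would help. The method body continues past the end of the hunk.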
@ -126,7 +126,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
||||
server.start();
|
||||
String metadataUrl = server.url("").toString();
|
||||
setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.asserting-party.metadata-uri=" + metadataUrl)
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.assertingparty.metadata-uri=" + metadataUrl)
|
||||
.run((context) -> {
|
||||
assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class);
|
||||
assertThat(server.getRequestCount()).isEqualTo(1);
|
||||
@ -140,7 +140,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
||||
server.start();
|
||||
String metadataUrl = server.url("").toString();
|
||||
setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.asserting-party.metadata-uri=" + metadataUrl)
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.assertingparty.metadata-uri=" + metadataUrl)
|
||||
.run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context
|
||||
.getBean(RelyingPartyRegistrationRepository.class);
|
||||
@ -157,8 +157,8 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
||||
server.start();
|
||||
String metadataUrl = server.url("").toString();
|
||||
setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.asserting-party.metadata-uri=" + metadataUrl,
|
||||
PREFIX + ".foo.asserting-party.singlesignon.binding=redirect").run((context) -> {
|
||||
this.contextRunner.withPropertyValues(PREFIX + ".foo.assertingparty.metadata-uri=" + metadataUrl,
|
||||
PREFIX + ".foo.assertingparty.singlesignon.binding=redirect").run((context) -> {
|
||||
RelyingPartyRegistrationRepository repository = context
|
||||
.getBean(RelyingPartyRegistrationRepository.class);
|
||||
RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
|
||||
@ -216,19 +216,19 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
||||
|
||||
private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests) {
|
||||
return new String[] { PREFIX
|
||||
+ ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.binding=post",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.sign-request=" + signRequests,
|
||||
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
+ ".foo.assertingparty.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.assertingparty.singlesignon.binding=post",
|
||||
PREFIX + ".foo.assertingparty.singlesignon.sign-request=" + signRequests,
|
||||
PREFIX + ".foo.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
}
|
||||
|
||||
private String[] getPropertyValuesWithoutSsoBinding() {
|
||||
return new String[] { PREFIX
|
||||
+ ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.sign-request=false",
|
||||
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
+ ".foo.assertingparty.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.assertingparty.singlesignon.sign-request=false",
|
||||
PREFIX + ".foo.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
|
||||
}
|
||||
|
||||
private String[] getPropertyValues() {
|
||||
@ -237,11 +237,11 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
||||
PREFIX + ".foo.signing.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.decryption.credentials[0].private-key-location=classpath:saml/private-key-location",
|
||||
PREFIX + ".foo.decryption.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.binding=post",
|
||||
PREFIX + ".foo.asserting-party.singlesignon.sign-request=false",
|
||||
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.assertingparty.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
|
||||
PREFIX + ".foo.assertingparty.singlesignon.binding=post",
|
||||
PREFIX + ".foo.assertingparty.singlesignon.sign-request=false",
|
||||
PREFIX + ".foo.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
|
||||
PREFIX + ".foo.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location",
|
||||
PREFIX + ".foo.entity-id={baseUrl}/saml2/foo-entity-id",
|
||||
PREFIX + ".foo.acs.location={baseUrl}/login/saml2/foo-entity-id",
|
||||
PREFIX + ".foo.acs.binding=redirect" };
|
||||
|
@ -41,26 +41,26 @@ class Saml2RelyingPartyPropertiesTests {
|
||||
|
||||
@Test
|
||||
void customizeSsoUrl() {
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.url",
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.url",
|
||||
"https://simplesaml-for-spring-saml/SSOService.php");
|
||||
assertThat(
|
||||
this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon().getUrl())
|
||||
this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon().getUrl())
|
||||
.isEqualTo("https://simplesaml-for-spring-saml/SSOService.php");
|
||||
}
|
||||
|
||||
@Test
|
||||
void customizeSsoBinding() {
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.binding",
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.binding",
|
||||
"post");
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon()
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon()
|
||||
.getBinding()).isEqualTo(Saml2MessageBinding.POST);
|
||||
}
|
||||
|
||||
@Test
|
||||
void customizeSsoSignRequests() {
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.sign-request",
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.sign-request",
|
||||
"false");
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon()
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon()
|
||||
.isSignRequest()).isEqualTo(false);
|
||||
}
|
||||
|
||||
@ -80,16 +80,16 @@ class Saml2RelyingPartyPropertiesTests {
|
||||
|
||||
@Test
|
||||
void customizeAssertingPartyMetadataUri() {
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.metadata-uri",
|
||||
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.metadata-uri",
|
||||
"https://idp.example.org/metadata");
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getMetadataUri())
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getMetadataUri())
|
||||
.isEqualTo("https://idp.example.org/metadata");
|
||||
}
|
||||
|
||||
@Test
|
||||
void customizeSsoSignRequestsIsTrueByDefault() {
|
||||
this.properties.getRegistration().put("simplesamlphp", new Saml2RelyingPartyProperties.Registration());
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon()
|
||||
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon()
|
||||
.isSignRequest()).isEqualTo(true);
|
||||
}
|
||||
|
||||
|
@ -262,7 +262,7 @@ You can register multiple relying parties under the `spring.security.saml2.relyi
|
||||
credentials:
|
||||
- private-key-location: "path-to-private-key"
|
||||
certificate-location: "path-to-certificate"
|
||||
asserting-party:
|
||||
assertingparty:
|
||||
verification:
|
||||
credentials:
|
||||
- certificate-location: "path-to-verification-cert"
|
||||
@ -278,7 +278,7 @@ You can register multiple relying parties under the `spring.security.saml2.relyi
|
||||
credentials:
|
||||
- private-key-location: "path-to-private-key"
|
||||
certificate-location: "path-to-certificate"
|
||||
asserting-party:
|
||||
assertingparty:
|
||||
verification:
|
||||
credentials:
|
||||
- certificate-location: "path-to-other-verification-cert"
|
||||
|
@ -8,7 +8,7 @@ spring:
|
||||
credentials:
|
||||
- private-key-location: "classpath:saml/privatekey.txt"
|
||||
certificate-location: "classpath:saml/certificate.txt"
|
||||
asserting-party:
|
||||
assertingparty:
|
||||
verification:
|
||||
credentials:
|
||||
- certificate-location: "classpath:saml/certificate.txt"
|
||||
@ -21,7 +21,7 @@ spring:
|
||||
credentials:
|
||||
- private-key-location: "classpath:saml/privatekey.txt"
|
||||
certificate-location: "classpath:saml/certificate.txt"
|
||||
asserting-party:
|
||||
assertingparty:
|
||||
verification:
|
||||
credentials:
|
||||
- certificate-location: "classpath:saml/certificate.txt"
|
||||
|