Spring/spring-boot
Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2024-07-15 01:07:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.7.x'

Browse Source
This commit is contained in:
Moritz Halbritter 2022-04-25 15:32:08 +02:00
commit 85a4c94dea
7 changed files with 42 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
View File

@ -136,10 +136,10 @@ class ManagementWebSecurityAutoConfigurationTests {
void backOffIfSaml2RelyingPartyAutoConfigurationPresent() { void backOffIfSaml2RelyingPartyAutoConfigurationPresent() {
this.contextRunner.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class)) this.contextRunner.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class))
.withPropertyValues( .withPropertyValues(
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.url=https://simplesaml-for-spring-saml/SSOService.php", "spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.url=https://simplesaml-for-spring-saml/SSOService.php",
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.sign-request=false", "spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.sign-request=false",
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", "spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
"spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location") "spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location")
.run((context) -> assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class) .run((context) -> assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class)
.doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN)); .doesNotHaveBean(MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN));
} }

6
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyProperties.java
View File

@ -68,7 +68,7 @@ public class Saml2RelyingPartyProperties {
/** /**
* Remote SAML Identity Provider. * Remote SAML Identity Provider.
*/ */
private final AssertingParty assertingParty = new AssertingParty(); private final AssertingParty assertingparty = new AssertingParty();
public String getEntityId() { public String getEntityId() {
return this.entityId; return this.entityId;
@ -90,8 +90,8 @@ public class Saml2RelyingPartyProperties {
return this.decryption; return this.decryption;
} }
public AssertingParty getAssertingParty() { public AssertingParty getAssertingparty() {
return this.assertingParty; return this.assertingparty;
} }
public static class Acs { public static class Acs {

8
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.java
View File

@ -73,19 +73,19 @@ class Saml2RelyingPartyRegistrationConfiguration {
} }
private RelyingPartyRegistration asRegistration(String id, Registration properties) { private RelyingPartyRegistration asRegistration(String id, Registration properties) {
boolean usingMetadata = StringUtils.hasText(properties.getAssertingParty().getMetadataUri()); boolean usingMetadata = StringUtils.hasText(properties.getAssertingparty().getMetadataUri());
Builder builder = (usingMetadata) ? RelyingPartyRegistrations Builder builder = (usingMetadata) ? RelyingPartyRegistrations
.fromMetadataLocation(properties.getAssertingParty().getMetadataUri()).registrationId(id) .fromMetadataLocation(properties.getAssertingparty().getMetadataUri()).registrationId(id)
: RelyingPartyRegistration.withRegistrationId(id); : RelyingPartyRegistration.withRegistrationId(id);
builder.assertionConsumerServiceLocation(properties.getAcs().getLocation()); builder.assertionConsumerServiceLocation(properties.getAcs().getLocation());
builder.assertionConsumerServiceBinding(properties.getAcs().getBinding()); builder.assertionConsumerServiceBinding(properties.getAcs().getBinding());
builder.assertingPartyDetails(mapAssertingParty(properties.getAssertingParty(), usingMetadata)); builder.assertingPartyDetails(mapAssertingParty(properties.getAssertingparty(), usingMetadata));
builder.signingX509Credentials((credentials) -> properties.getSigning().getCredentials().stream() builder.signingX509Credentials((credentials) -> properties.getSigning().getCredentials().stream()
.map(this::asSigningCredential).forEach(credentials::add)); .map(this::asSigningCredential).forEach(credentials::add));
builder.decryptionX509Credentials((credentials) -> properties.getDecryption().getCredentials().stream() builder.decryptionX509Credentials((credentials) -> properties.getDecryption().getCredentials().stream()
.map(this::asDecryptionCredential).forEach(credentials::add)); .map(this::asDecryptionCredential).forEach(credentials::add));
builder.assertingPartyDetails((details) -> details builder.assertingPartyDetails((details) -> details
.verificationX509Credentials((credentials) -> properties.getAssertingParty().getVerification() .verificationX509Credentials((credentials) -> properties.getAssertingparty().getVerification()
.getCredentials().stream().map(this::asVerificationCredential).forEach(credentials::add))); .getCredentials().stream().map(this::asVerificationCredential).forEach(credentials::add)));
builder.entityId(properties.getEntityId()); builder.entityId(properties.getEntityId());
RelyingPartyRegistration registration = builder.build(); RelyingPartyRegistration registration = builder.build();

36
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java
View File

@ -126,7 +126,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
server.start(); server.start();
String metadataUrl = server.url("").toString(); String metadataUrl = server.url("").toString();
setupMockResponse(server, new ClassPathResource("saml/idp-metadata")); setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
this.contextRunner.withPropertyValues(PREFIX + ".foo.asserting-party.metadata-uri=" + metadataUrl) this.contextRunner.withPropertyValues(PREFIX + ".foo.assertingparty.metadata-uri=" + metadataUrl)
.run((context) -> { .run((context) -> {
assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class); assertThat(context).hasSingleBean(RelyingPartyRegistrationRepository.class);
assertThat(server.getRequestCount()).isEqualTo(1); assertThat(server.getRequestCount()).isEqualTo(1);
@ -140,7 +140,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
server.start(); server.start();
String metadataUrl = server.url("").toString(); String metadataUrl = server.url("").toString();
setupMockResponse(server, new ClassPathResource("saml/idp-metadata")); setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
this.contextRunner.withPropertyValues(PREFIX + ".foo.asserting-party.metadata-uri=" + metadataUrl) this.contextRunner.withPropertyValues(PREFIX + ".foo.assertingparty.metadata-uri=" + metadataUrl)
.run((context) -> { .run((context) -> {
RelyingPartyRegistrationRepository repository = context RelyingPartyRegistrationRepository repository = context
.getBean(RelyingPartyRegistrationRepository.class); .getBean(RelyingPartyRegistrationRepository.class);
@ -157,8 +157,8 @@ class Saml2RelyingPartyAutoConfigurationTests {
server.start(); server.start();
String metadataUrl = server.url("").toString(); String metadataUrl = server.url("").toString();
setupMockResponse(server, new ClassPathResource("saml/idp-metadata")); setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
this.contextRunner.withPropertyValues(PREFIX + ".foo.asserting-party.metadata-uri=" + metadataUrl, this.contextRunner.withPropertyValues(PREFIX + ".foo.assertingparty.metadata-uri=" + metadataUrl,
PREFIX + ".foo.asserting-party.singlesignon.binding=redirect").run((context) -> { PREFIX + ".foo.assertingparty.singlesignon.binding=redirect").run((context) -> {
RelyingPartyRegistrationRepository repository = context RelyingPartyRegistrationRepository repository = context
.getBean(RelyingPartyRegistrationRepository.class); .getBean(RelyingPartyRegistrationRepository.class);
RelyingPartyRegistration registration = repository.findByRegistrationId("foo"); RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
@ -216,19 +216,19 @@ class Saml2RelyingPartyAutoConfigurationTests {
private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests) { private String[] getPropertyValuesWithoutSigningCredentials(boolean signRequests) {
return new String[] { PREFIX return new String[] { PREFIX
+ ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", + ".foo.assertingparty.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
PREFIX + ".foo.asserting-party.singlesignon.binding=post", PREFIX + ".foo.assertingparty.singlesignon.binding=post",
PREFIX + ".foo.asserting-party.singlesignon.sign-request=" + signRequests, PREFIX + ".foo.assertingparty.singlesignon.sign-request=" + signRequests,
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", PREFIX + ".foo.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" }; PREFIX + ".foo.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
} }
private String[] getPropertyValuesWithoutSsoBinding() { private String[] getPropertyValuesWithoutSsoBinding() {
return new String[] { PREFIX return new String[] { PREFIX
+ ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", + ".foo.assertingparty.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
PREFIX + ".foo.asserting-party.singlesignon.sign-request=false", PREFIX + ".foo.assertingparty.singlesignon.sign-request=false",
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", PREFIX + ".foo.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location" }; PREFIX + ".foo.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
} }
private String[] getPropertyValues() { private String[] getPropertyValues() {
@ -237,11 +237,11 @@ class Saml2RelyingPartyAutoConfigurationTests {
PREFIX + ".foo.signing.credentials[0].certificate-location=classpath:saml/certificate-location", PREFIX + ".foo.signing.credentials[0].certificate-location=classpath:saml/certificate-location",
PREFIX + ".foo.decryption.credentials[0].private-key-location=classpath:saml/private-key-location", PREFIX + ".foo.decryption.credentials[0].private-key-location=classpath:saml/private-key-location",
PREFIX + ".foo.decryption.credentials[0].certificate-location=classpath:saml/certificate-location", PREFIX + ".foo.decryption.credentials[0].certificate-location=classpath:saml/certificate-location",
PREFIX + ".foo.asserting-party.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php", PREFIX + ".foo.assertingparty.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
PREFIX + ".foo.asserting-party.singlesignon.binding=post", PREFIX + ".foo.assertingparty.singlesignon.binding=post",
PREFIX + ".foo.asserting-party.singlesignon.sign-request=false", PREFIX + ".foo.assertingparty.singlesignon.sign-request=false",
PREFIX + ".foo.asserting-party.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php", PREFIX + ".foo.assertingparty.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
PREFIX + ".foo.asserting-party.verification.credentials[0].certificate-location=classpath:saml/certificate-location", PREFIX + ".foo.assertingparty.verification.credentials[0].certificate-location=classpath:saml/certificate-location",
PREFIX + ".foo.entity-id={baseUrl}/saml2/foo-entity-id", PREFIX + ".foo.entity-id={baseUrl}/saml2/foo-entity-id",
PREFIX + ".foo.acs.location={baseUrl}/login/saml2/foo-entity-id", PREFIX + ".foo.acs.location={baseUrl}/login/saml2/foo-entity-id",
PREFIX + ".foo.acs.binding=redirect" }; PREFIX + ".foo.acs.binding=redirect" };

18
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyPropertiesTests.java
View File

@ -41,26 +41,26 @@ class Saml2RelyingPartyPropertiesTests {
@Test @Test
void customizeSsoUrl() { void customizeSsoUrl() {
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.url", bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.url",
"https://simplesaml-for-spring-saml/SSOService.php"); "https://simplesaml-for-spring-saml/SSOService.php");
assertThat( assertThat(
this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon().getUrl()) this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon().getUrl())
.isEqualTo("https://simplesaml-for-spring-saml/SSOService.php"); .isEqualTo("https://simplesaml-for-spring-saml/SSOService.php");
} }
@Test @Test
void customizeSsoBinding() { void customizeSsoBinding() {
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.binding", bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.binding",
"post"); "post");
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon() assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon()
.getBinding()).isEqualTo(Saml2MessageBinding.POST); .getBinding()).isEqualTo(Saml2MessageBinding.POST);
} }
@Test @Test
void customizeSsoSignRequests() { void customizeSsoSignRequests() {
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.single-sign-on.sign-request", bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.single-sign-on.sign-request",
"false"); "false");
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon() assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon()
.isSignRequest()).isEqualTo(false); .isSignRequest()).isEqualTo(false);
} }
@ -80,16 +80,16 @@ class Saml2RelyingPartyPropertiesTests {
@Test @Test
void customizeAssertingPartyMetadataUri() { void customizeAssertingPartyMetadataUri() {
bind("spring.security.saml2.relyingparty.registration.simplesamlphp.asserting-party.metadata-uri", bind("spring.security.saml2.relyingparty.registration.simplesamlphp.assertingparty.metadata-uri",
"https://idp.example.org/metadata"); "https://idp.example.org/metadata");
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getMetadataUri()) assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getMetadataUri())
.isEqualTo("https://idp.example.org/metadata"); .isEqualTo("https://idp.example.org/metadata");
} }
@Test @Test
void customizeSsoSignRequestsIsTrueByDefault() { void customizeSsoSignRequestsIsTrueByDefault() {
this.properties.getRegistration().put("simplesamlphp", new Saml2RelyingPartyProperties.Registration()); this.properties.getRegistration().put("simplesamlphp", new Saml2RelyingPartyProperties.Registration());
assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingParty().getSinglesignon() assertThat(this.properties.getRegistration().get("simplesamlphp").getAssertingparty().getSinglesignon()
.isSignRequest()).isEqualTo(true); .isSignRequest()).isEqualTo(true);
} }

4
spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc
View File

@ -262,7 +262,7 @@ You can register multiple relying parties under the `spring.security.saml2.relyi
credentials: credentials:
- private-key-location: "path-to-private-key" - private-key-location: "path-to-private-key"
certificate-location: "path-to-certificate" certificate-location: "path-to-certificate"
asserting-party: assertingparty:
verification: verification:
credentials: credentials:
- certificate-location: "path-to-verification-cert" - certificate-location: "path-to-verification-cert"
@ -278,7 +278,7 @@ You can register multiple relying parties under the `spring.security.saml2.relyi
credentials: credentials:
- private-key-location: "path-to-private-key" - private-key-location: "path-to-private-key"
certificate-location: "path-to-certificate" certificate-location: "path-to-certificate"
asserting-party: assertingparty:
verification: verification:
credentials: credentials:
- certificate-location: "path-to-other-verification-cert" - certificate-location: "path-to-other-verification-cert"

4
spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-saml2-service-provider/src/main/resources/application.yml
View File

@ -8,7 +8,7 @@ spring:
credentials: credentials:
- private-key-location: "classpath:saml/privatekey.txt" - private-key-location: "classpath:saml/privatekey.txt"
certificate-location: "classpath:saml/certificate.txt" certificate-location: "classpath:saml/certificate.txt"
asserting-party: assertingparty:
verification: verification:
credentials: credentials:
- certificate-location: "classpath:saml/certificate.txt" - certificate-location: "classpath:saml/certificate.txt"
@ -21,7 +21,7 @@ spring:
credentials: credentials:
- private-key-location: "classpath:saml/privatekey.txt" - private-key-location: "classpath:saml/privatekey.txt"
certificate-location: "classpath:saml/certificate.txt" certificate-location: "classpath:saml/certificate.txt"
asserting-party: assertingparty:
verification: verification:
credentials: credentials:
- certificate-location: "classpath:saml/certificate.txt" - certificate-location: "classpath:saml/certificate.txt"