From 2e5c87dc75c154fbebbb3cf488db1ef347f312d7 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Thu, 16 Jul 2020 10:40:27 -0600 Subject: [PATCH] Restore Binary Compatibility Issue gh-8835 --- .../Saml2AuthenticationException.java | 70 ++++++++++++++++++- .../service/authentication/Saml2Error.java | 12 ++-- .../authentication/Saml2ErrorCodes.java | 22 +++--- .../OpenSamlAuthenticationProviderTests.java | 1 - 4 files changed, 83 insertions(+), 22 deletions(-) diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java index 332762f002..12b16a7358 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationException.java @@ -83,13 +83,75 @@ public class Saml2AuthenticationException extends AuthenticationException { this.setError(error); } + /** + * Constructs a {@code Saml2AuthenticationException} using the provided parameters. + * + * @param error the {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error SAML 2.0 Error} + * @deprecated Use {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error} constructor instead + */ + @Deprecated + public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error) { + this(error, error.getDescription()); + } + + /** + * Constructs a {@code Saml2AuthenticationException} using the provided parameters. + * + * @param error the {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error SAML 2.0 Error} + * @param cause the root cause + * @deprecated Use {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error} constructor instead + */ + @Deprecated + public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error, Throwable cause) { + this(error, cause.getMessage(), cause); + } + + /** + * Constructs a {@code Saml2AuthenticationException} using the provided parameters. + * + * @param error the {@link Saml2Error SAML 2.0 Error} + * @param message the detail message + * @deprecated Use {@link Saml2Error} constructor instead + */ + @Deprecated + public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message) { + super(message); + this.setError(error); + } + + /** + * Constructs a {@code Saml2AuthenticationException} using the provided parameters. + * + * @param error the {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error SAML 2.0 Error} + * @param message the detail message + * @param cause the root cause + * @deprecated Use {@link org.springframework.security.saml2.provider.service.authentication.Saml2Error} constructor instead + */ + @Deprecated + public Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2Error error, String message, Throwable cause) { + super(message, cause); + this.setError(error); + } + + /** + * Get the associated {@link Saml2Error} + * + * @return the associated {@link Saml2Error} + */ + public Saml2Error getSaml2Error() { + return this.error; + } + /** * Returns the {@link Saml2Error SAML 2.0 Error}. * * @return the {@link Saml2Error} + * @deprecated Use {@link #getSaml2Error()} instead */ - public Saml2Error getError() { - return this.error; + @Deprecated + public org.springframework.security.saml2.provider.service.authentication.Saml2Error getError() { + return new org.springframework.security.saml2.provider.service.authentication.Saml2Error( + this.error.getErrorCode(), this.error.getDescription()); } private void setError(Saml2Error error) { @@ -97,6 +159,10 @@ public class Saml2AuthenticationException extends AuthenticationException { this.error = error; } + private void setError(org.springframework.security.saml2.provider.service.authentication.Saml2Error error) { + setError(new Saml2Error(error.getErrorCode(), error.getDescription())); + } + @Override public String toString() { final StringBuffer sb = new StringBuffer("Saml2AuthenticationException{"); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java index e9cf3d3b98..721b0d5b5a 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Error.java @@ -19,7 +19,6 @@ package org.springframework.security.saml2.provider.service.authentication; import java.io.Serializable; import org.springframework.security.core.SpringSecurityCoreVersion; -import org.springframework.util.Assert; /** * A representation of an SAML 2.0 Error. @@ -36,8 +35,7 @@ import org.springframework.util.Assert; public class Saml2Error implements Serializable { private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; - private final String errorCode; - private final String description; + private final org.springframework.security.saml2.core.Saml2Error error; /** * Constructs a {@code Saml2Error} using the provided parameters. @@ -46,9 +44,7 @@ public class Saml2Error implements Serializable { * @param description the error description */ public Saml2Error(String errorCode, String description) { - Assert.hasText(errorCode, "errorCode cannot be empty"); - this.errorCode = errorCode; - this.description = description; + this.error = new org.springframework.security.saml2.core.Saml2Error(errorCode, description); } /** @@ -57,7 +53,7 @@ public class Saml2Error implements Serializable { * @return the error code */ public final String getErrorCode() { - return this.errorCode; + return this.error.getErrorCode(); } /** @@ -66,7 +62,7 @@ public class Saml2Error implements Serializable { * @return the error description */ public final String getDescription() { - return this.description; + return this.error.getDescription(); } @Override diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java index e0dcba514f..b525f3a8e7 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2ErrorCodes.java @@ -30,12 +30,12 @@ public interface Saml2ErrorCodes { * SAML 2 Response object of type {@code ResponseType} per specification * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=46 */ - String UNKNOWN_RESPONSE_CLASS = "unknown_response_class"; + String UNKNOWN_RESPONSE_CLASS = org.springframework.security.saml2.core.Saml2ErrorCodes.UNKNOWN_RESPONSE_CLASS; /** * The response data is malformed or incomplete. * An invalid XML object was received, and XML unmarshalling failed. */ - String MALFORMED_RESPONSE_DATA = "malformed_response_data"; + String MALFORMED_RESPONSE_DATA = org.springframework.security.saml2.core.Saml2ErrorCodes.MALFORMED_RESPONSE_DATA; /** * Response destination does not match the request URL. * A SAML 2 response object was received at a URL that @@ -43,13 +43,13 @@ public interface Saml2ErrorCodes { * in the Response object. * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38 */ - String INVALID_DESTINATION = "invalid_destination"; + String INVALID_DESTINATION = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_DESTINATION; /** * The assertion was not valid. * The assertion used for authentication failed validation. * Details around the failure will be present in the error description. */ - String INVALID_ASSERTION = "invalid_assertion"; + String INVALID_ASSERTION = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_ASSERTION; /** * The signature of response or assertion was invalid. * Either the response or the assertion was missing a signature @@ -57,7 +57,7 @@ public interface Saml2ErrorCodes { * configured credentials. Most commonly the IDP's * X509 certificate. */ - String INVALID_SIGNATURE = "invalid_signature"; + String INVALID_SIGNATURE = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_SIGNATURE; /** * The assertion did not contain a subject element. * The subject element, type SubjectType, contains @@ -67,7 +67,7 @@ public interface Saml2ErrorCodes { * * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18 */ - String SUBJECT_NOT_FOUND = "subject_not_found"; + String SUBJECT_NOT_FOUND = org.springframework.security.saml2.core.Saml2ErrorCodes.SUBJECT_NOT_FOUND; /** * The subject did not contain a user identifier * The assertion contained a subject element, but the subject @@ -76,28 +76,28 @@ public interface Saml2ErrorCodes { * * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18 */ - String USERNAME_NOT_FOUND = "username_not_found"; + String USERNAME_NOT_FOUND = org.springframework.security.saml2.core.Saml2ErrorCodes.USERNAME_NOT_FOUND; /** * The system failed to decrypt an assertion or a name identifier. * This error code will be thrown if the decryption of either a * {@code EncryptedAssertion} or {@code EncryptedID} fails. * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17 */ - String DECRYPTION_ERROR = "decryption_error"; + String DECRYPTION_ERROR = org.springframework.security.saml2.core.Saml2ErrorCodes.DECRYPTION_ERROR; /** * An Issuer element contained a value that didn't * https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15 */ - String INVALID_ISSUER = "invalid_issuer"; + String INVALID_ISSUER = org.springframework.security.saml2.core.Saml2ErrorCodes.INVALID_ISSUER; /** * An error happened during validation. * Used when internal, non classified, errors are caught during the * authentication process. */ - String INTERNAL_VALIDATION_ERROR = "internal_validation_error"; + String INTERNAL_VALIDATION_ERROR = org.springframework.security.saml2.core.Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR; /** * The relying party registration was not found. * The registration ID did not correspond to any relying party registration. */ - String RELYING_PARTY_REGISTRATION_NOT_FOUND = "relying_party_registration_not_found"; + String RELYING_PARTY_REGISTRATION_NOT_FOUND = org.springframework.security.saml2.core.Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND; } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java index f710673dbe..64f5946dba 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java @@ -52,7 +52,6 @@ import org.w3c.dom.Element; import org.xml.sax.InputSource; import org.springframework.security.core.Authentication; -import org.springframework.security.saml2.core.Saml2ErrorCodes; import org.springframework.security.saml2.credentials.Saml2X509Credential; import static org.assertj.core.api.Assertions.assertThat;