Add query parameter support for authn requests

Closes gh-15017
This commit is contained in:
Josh Cummings
2024-06-21 19:17:42 -06:00
parent 587aa495f7
commit 796e4d6b6c
6 changed files with 237 additions and 17 deletions

View File

@@ -101,6 +101,7 @@ import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.startsWith;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.atLeastOnce;
@@ -113,6 +114,7 @@ import static org.springframework.security.config.annotation.SecurityContextChan
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -343,6 +345,19 @@ public class Saml2LoginConfigurerTests {
any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@Test
public void authenticationRequestWhenCustomAuthenticationRequestPathRepositoryThenUses() throws Exception {
this.spring.register(CustomAuthenticationRequestUriQuery.class).autowire();
MockHttpServletRequestBuilder request = get("/custom/auth/sso");
this.mvc.perform(request)
.andExpect(status().isFound())
.andExpect(redirectedUrl("http://localhost/custom/auth/sso?entityId=registration-id"));
request.queryParam("entityId", registration.getRegistrationId());
MvcResult result = this.mvc.perform(request).andExpect(status().isFound()).andReturn();
String redirectedUrl = result.getResponse().getRedirectedUrl();
assertThat(redirectedUrl).startsWith(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
}
@Test
public void saml2LoginWhenLoginProcessingUrlWithoutRegistrationIdAndDefaultAuthenticationConverterThenAutowires()
throws Exception {
@@ -390,7 +405,7 @@ public class Saml2LoginConfigurerTests {
.andExpect(redirectedUrl("http://localhost/login"));
this.mvc.perform(get("/").accept(MediaType.TEXT_HTML))
.andExpect(status().isFound())
.andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id"));
.andExpect(header().string("Location", startsWith("http://localhost/saml2/authenticate")));
}
@Test
@@ -669,6 +684,23 @@ public class Saml2LoginConfigurerTests {
}
@Configuration
@EnableWebSecurity
@Import(Saml2LoginConfigBeans.class)
static class CustomAuthenticationRequestUriQuery {
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeHttpRequests((authz) -> authz.anyRequest().authenticated())
.saml2Login((saml2) -> saml2.authenticationRequestUriQuery("/custom/auth/sso?entityId={registrationId}"));
// @formatter:on
return http.build();
}
}
@Configuration
@EnableWebSecurity
@Import(Saml2LoginConfigBeans.class)