org.springframework.security.saml.metadata.ExtendedMetadataDelegate Java Examples
The following examples show how to use
org.springframework.security.saml.metadata.ExtendedMetadataDelegate.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
public void updateSAMLConfiguration(boolean samlEnabled, String metadataURL, String entityId, String entityBaseUrl) {
try {
logger.debug("SAML Config Update.");
List<ExtendedMetadataDelegate> currentProviders = metadataManager.getAvailableProviders();
currentProviders.forEach(ExtendedMetadataDelegate::destroy);
metadataManager.setProviders(List.of());
metadataManager.setDefaultIDP(null);
metadataManager.setHostedSPName(null);
metadataManager.afterPropertiesSet();
metadataGenerator.setEntityId(null);
metadataGenerator.setEntityBaseURL(null);
logger.debug("SAML cleared configuration.");
if (samlEnabled) {
setupMetadataManager(metadataURL, entityId, entityBaseUrl);
}
} catch (Exception e) {
logger.error("Error updating the SAML identity provider.", e);
}
}
Example #2
| Source File: InsightsSecurityConfigurationAdapterSAML.java From Insights with Apache License 2.0 | 6 votes |
|
/**
* Provide IDP Metadata
*
* @return
* @throws MetadataProviderException
*/
@Bean
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public ExtendedMetadataDelegate idpMetadata() throws MetadataProviderException {
Timer backgroundTaskTimer = new Timer(true);
HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(),
singleSignOnConfig.getMetadataUrl());
httpMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider,
extendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(true);
extendedMetadataDelegate.setMetadataRequireSignature(true);
return extendedMetadataDelegate;
}
Example #3
| Source File: MetadataManagerConfigurerTest.java From spring-boot-security-saml with MIT License | 6 votes |
|
@Test
public void configure_constructor() throws Exception {
MetadataManager metadataManager = mock(MetadataManager.class);
MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer(metadataManager));
configurer.setBuilder(builder);
configurer.init(builder);
configurer.configure(builder);
verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
verify(configurer).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
verify(metadataManagerProperties, never()).getDefaultIdp();
verify(metadataManagerProperties, never()).getHostedSpName();
verify(metadataManagerProperties, never()).getRefreshCheckInterval();
verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
List<MetadataProvider> providers = providersCaptor.getValue();
assertThat(providers).hasSize(1);
assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isExactlyInstanceOf(ResourceBackedMetadataProvider.class);
}
Example #4
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public void setupMetadataManager(String metadataURL, String entityId, String entityBaseUrl) throws MetadataProviderException {
logger.debug("SAML Setup MetaData Manager");
logger.debug("SAML - MetadataUrl: {}, EntityID: {}, EntityBaseUrl: {}", metadataURL, entityId, entityBaseUrl);
metadataGenerator.setEntityId(entityId);
metadataGenerator.setEntityBaseURL(entityBaseUrl);
Optional<ExtendedMetadataDelegate> httpProvider = createHttpProvider(metadataURL);
Optional<ExtendedMetadataDelegate> fileProvider = createFileProvider();
List<MetadataProvider> providers = List.of(httpProvider, fileProvider).stream()
.flatMap(Optional::stream)
.collect(Collectors.toList());
metadataManager.setProviders(providers);
metadataManager.afterPropertiesSet();
}
Example #5
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public Optional<ExtendedMetadataDelegate> createHttpProvider(String metadataUrl) throws MetadataProviderException {
if (StringUtils.isBlank(metadataUrl)) {
return Optional.empty();
}
logger.debug("SAML - Create Http Metadata provider.");
// The URL can not end in a '/' because it messes with the paths for saml
String correctedMetadataURL = StringUtils.removeEnd(metadataUrl, "/");
Timer backgroundTaskTimer = new Timer(true);
HTTPMetadataProvider provider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(), correctedMetadataURL);
provider.setParserPool(parserPool);
return Optional.of(createDelegate(provider));
}
Example #6
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public Optional<ExtendedMetadataDelegate> createFileProvider() throws MetadataProviderException {
Timer backgroundTaskTimer = new Timer(true);
if (!filePersistenceUtil.uploadFileExists(AuthenticationDescriptor.SAML_METADATA_FILE)) {
return Optional.empty();
}
logger.debug("SAML - Create File Metadata provider.");
File metadataFile = filePersistenceUtil.createUploadsFile(AuthenticationDescriptor.SAML_METADATA_FILE);
FilesystemMetadataProvider provider = new FilesystemMetadataProvider(backgroundTaskTimer, metadataFile);
provider.setParserPool(parserPool);
return Optional.of(createDelegate(provider));
}
Example #7
| Source File: MetadataManagerConfigurer.java From spring-boot-security-saml with MIT License | 5 votes |
|
@SneakyThrows
private ExtendedMetadataDelegate getExtendedProvider(MetadataProvider provider, ExtendedMetadata extendedMetadata, DelegateProps props, ExtendedMetadataDelegateProperties extendedDelegateConfig) {
if (provider instanceof ExtendedMetadataDelegate) {
return (ExtendedMetadataDelegate) provider;
}
ExtendedMetadataDelegate delegate = createDefaultExtendedMetadataDelegate(provider, extendedMetadata);
delegate.setForceMetadataRevocationCheck(Optional.ofNullable(props.forceMetadataRevocationCheck)
.orElseGet(extendedDelegateConfig::isForceMetadataRevocationCheck));
delegate.setMetadataRequireSignature(Optional.ofNullable(props.metadataRequireSignature)
.orElseGet(extendedDelegateConfig::isMetadataRequireSignature));
delegate.setMetadataTrustCheck(Optional.ofNullable(props.metadataTrustCheck)
.orElseGet(extendedDelegateConfig::isMetadataTrustCheck));
delegate.setMetadataTrustedKeys(Optional.ofNullable(props.metadataTrustedKeys)
.orElseGet(extendedDelegateConfig::getMetadataTrustedKeys));
delegate.setRequireValidMetadata(Optional.ofNullable(props.requireValidMetadata)
.orElseGet(extendedDelegateConfig::isRequireValidMetadata));
delegate.setMetadataFilter(Optional.ofNullable(props.metadataFilter)
.map(this::postProcess)
.orElse(null));
return postProcess(delegate);
}
Example #8
| Source File: MetadataManagerConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_defaults() throws Exception {
MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
ExtendedMetadataDelegate delegate = mock(ExtendedMetadataDelegate.class);
doReturn(delegate).when(configurer).createDefaultExtendedMetadataDelegate(any(), any());
configurer.setBuilder(builder);
configurer.init(builder);
configurer.configure(builder);
verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
verify(configurer).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
verify(metadataManagerProperties).getDefaultIdp();
verify(metadataManagerProperties).getHostedSpName();
verify(metadataManagerProperties).getRefreshCheckInterval();
verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
List<MetadataProvider> providers = providersCaptor.getValue();
assertThat(providers).hasSize(1);
assertThat(providers.get(0)).isEqualTo(delegate);
verify(metadataManager).setDefaultIDP(eq(metadataManagerProperties.getDefaultIdp()));
verify(metadataManager).setHostedSPName(eq(metadataManagerProperties.getHostedSpName()));
verify(metadataManager).setRefreshCheckInterval(eq(metadataManagerProperties.getRefreshCheckInterval()));
verify(delegate).setForceMetadataRevocationCheck(eq(extendedMetadataDelegateProperties.isForceMetadataRevocationCheck()));
verify(delegate).setMetadataRequireSignature(eq(extendedMetadataDelegateProperties.isMetadataRequireSignature()));
verify(delegate).setMetadataTrustCheck(eq(extendedMetadataDelegateProperties.isMetadataTrustCheck()));
verify(delegate).setMetadataTrustedKeys(eq(extendedMetadataDelegateProperties.getMetadataTrustedKeys()));
verify(delegate).setRequireValidMetadata(eq(extendedMetadataDelegateProperties.isRequireValidMetadata()));
verify(delegate).setMetadataFilter((MetadataFilter) isNull());
}
Example #9
| Source File: MetadataManagerConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_defaults_withProvider() throws Exception {
MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
configurer.setBuilder(builder);
AbstractMetadataProvider provider = mock(AbstractMetadataProvider.class);
configurer.metadataProvider(provider);
configurer.init(builder);
configurer.configure(builder);
verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
verify(provider).setParserPool(eq(parserPool));
verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
verify(configurer, never()).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
verify(configurer, never()).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
verify(metadataManagerProperties).getDefaultIdp();
verify(metadataManagerProperties).getHostedSpName();
verify(metadataManagerProperties).getRefreshCheckInterval();
verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
List<MetadataProvider> providers = providersCaptor.getValue();
assertThat(providers).hasSize(1);
assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isEqualTo(provider);
}
Example #10
| Source File: MetadataManagerConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_defaults_withProviderDelegate() throws Exception {
MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
configurer.setBuilder(builder);
MetadataProvider provider = mock(ExtendedMetadataDelegate.class);
configurer.metadataProvider(provider);
configurer.init(builder);
configurer.configure(builder);
verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
verify(configurer, never()).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
verify(configurer, never()).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
verify(metadataManagerProperties).getDefaultIdp();
verify(metadataManagerProperties).getHostedSpName();
verify(metadataManagerProperties).getRefreshCheckInterval();
verify(extendedMetadataDelegateProperties, never()).isForceMetadataRevocationCheck();
verify(extendedMetadataDelegateProperties, never()).isMetadataRequireSignature();
verify(extendedMetadataDelegateProperties, never()).isMetadataTrustCheck();
verify(extendedMetadataDelegateProperties, never()).isRequireValidMetadata();
verify(extendedMetadataDelegateProperties, never()).getMetadataTrustedKeys();
List<MetadataProvider> providers = providersCaptor.getValue();
assertThat(providers).hasSize(1);
assertThat(providers.get(0)).isEqualTo(provider);
assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isNull();
}
Example #11
| Source File: MetadataManagerConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_defaults_withProviderLocation() throws Exception {
MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
configurer.setBuilder(builder);
configurer.metadataLocations("classpath:idp-provided.xml");
configurer.init(builder);
configurer.configure(builder);
verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
verify(configurer).createDefaultMetadataProvider(eq("classpath:idp-provided.xml"));
verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
verify(metadataManagerProperties).getDefaultIdp();
verify(metadataManagerProperties).getHostedSpName();
verify(metadataManagerProperties).getRefreshCheckInterval();
verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
List<MetadataProvider> providers = providersCaptor.getValue();
assertThat(providers).hasSize(1);
assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isExactlyInstanceOf(ResourceBackedMetadataProvider.class);
}
Example #12
| Source File: WebSecurityConfig.java From spring-boot-security-saml-sample with Apache License 2.0 | 5 votes |
|
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
throws MetadataProviderException {
String idpSSOCircleMetadataURL = "https://idp.ssocircle.com/meta-idp.xml";
HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(
this.backgroundTaskTimer, httpClient(), idpSSOCircleMetadataURL);
httpMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate =
new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(true);
extendedMetadataDelegate.setMetadataRequireSignature(false);
backgroundTaskTimer.purge();
return extendedMetadataDelegate;
}
Example #13
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 4 votes |
|
private ExtendedMetadataDelegate createDelegate(MetadataProvider provider) {
ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
delegate.setMetadataTrustCheck(true);
delegate.setMetadataRequireSignature(false);
return delegate;
}
Example #14
| Source File: MetadataManagerConfigurer.java From spring-boot-security-saml with MIT License | 4 votes |
|
@VisibleForTesting
protected ExtendedMetadataDelegate createDefaultExtendedMetadataDelegate(MetadataProvider provider, ExtendedMetadata extendedMetadata) {
return new ExtendedMetadataDelegate(provider, extendedMetadata);
}
Example #15
| Source File: MetadataManagerConfigurerTest.java From spring-boot-security-saml with MIT License | 4 votes |
|
@Test
public void configure_arguments() throws Exception {
MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
ResourceBackedMetadataProvider provider = mock(ResourceBackedMetadataProvider.class);
doReturn(provider).when(configurer).createDefaultMetadataProvider("classpath:idp-provided.xml");
ExtendedMetadataDelegate delegate = mock(ExtendedMetadataDelegate.class);
doReturn(delegate).when(configurer).createDefaultExtendedMetadataDelegate(eq(provider), any(ExtendedMetadata.class));
MetadataFilter metadataFilter = mock(MetadataFilter.class);
configurer.setBuilder(builder);
configurer
.metadataLocations("classpath:idp-provided.xml")
.defaultIDP("default")
.hostedSPName("spname")
.refreshCheckInterval(999L)
.forceMetadataRevocationCheck(true)
.metadataRequireSignature(true)
.metadataTrustCheck(true)
.requireValidMetadata(true)
.metadataTrustedKeys("one", "two")
.metadataFilter(metadataFilter);
configurer.init(builder);
configurer.configure(builder);
verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
verify(configurer).createDefaultMetadataProvider(eq("classpath:idp-provided.xml"));
verify(configurer).createDefaultExtendedMetadataDelegate(eq(provider), any());
verify(metadataManagerProperties, never()).getDefaultIdp();
verify(metadataManagerProperties, never()).getHostedSpName();
verify(metadataManagerProperties, never()).getRefreshCheckInterval();
verify(extendedMetadataDelegateProperties, never()).isForceMetadataRevocationCheck();
verify(extendedMetadataDelegateProperties, never()).isMetadataRequireSignature();
verify(extendedMetadataDelegateProperties, never()).isMetadataTrustCheck();
verify(extendedMetadataDelegateProperties, never()).isRequireValidMetadata();
verify(extendedMetadataDelegateProperties, never()).getMetadataTrustedKeys();
List<MetadataProvider> providers = providersCaptor.getValue();
assertThat(providers).hasSize(1);
assertThat(providers.get(0)).isEqualTo(delegate);
verify(metadataManager).setDefaultIDP(eq("default"));
verify(metadataManager).setHostedSPName(eq("spname"));
verify(metadataManager).setRefreshCheckInterval(eq(999L));
verify(delegate).setForceMetadataRevocationCheck(eq(true));
verify(delegate).setMetadataRequireSignature(eq(true));
verify(delegate).setMetadataTrustCheck(eq(true));
verify(delegate).setMetadataTrustedKeys((Set<String>) MockitoHamcrest.argThat(contains("one", "two")));
verify(delegate).setRequireValidMetadata(eq(true));
verify(delegate).setMetadataFilter(eq(metadataFilter));
}
