Simplify JavaConfig SAML 2.0 Sample

jzheaux · jzheaux · commit 3cdeee495e86 · 2020-07-02T21:24:07.000-06:00
Issue spring-projectsgh-8777
diff --git a/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/saml2login/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@@ -29,56 +29,53 @@
 import org.springframework.security.saml2.credentials.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
 
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION;
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING;
 import static org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION;
+import static org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.withRegistrationId;
 
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	RelyingPartyRegistration getSaml2AuthenticationConfiguration() throws Exception {
-		//remote IDP entity ID
-		String idpEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
-		//remote WebSSO Endpoint - Where to Send AuthNRequests to
-		String webSsoEndpoint = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php";
-		//local registration ID
+	RelyingPartyRegistrationRepository relyingPartyRegistrations() {
 		String registrationId = "simplesamlphp";
-		//local entity ID - autogenerated based on URL
-		String localEntityIdTemplate = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
-		//local signing (and decryption key)
+
+		String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
+		String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 		Saml2X509Credential signingCredential = getSigningCredential();
-		//IDP certificate for verification of incoming messages
-		Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();
-		String acsUrlTemplate = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
-		return RelyingPartyRegistration.withRegistrationId(registrationId)
+
+		String apEntityId = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php";
+		String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php";
+		Saml2X509Credential apVerificationCertificate = getVerificationCertificate();
+
+		RelyingPartyRegistration relyingParty = withRegistrationId(registrationId)
+				.entityId(rpEntityId)
 				.signingX509Credentials(c -> c.add(signingCredential))
-				.entityId(localEntityIdTemplate)
-				.assertionConsumerServiceLocation(acsUrlTemplate)
+				.assertionConsumerServiceLocation(assertionConsumerServiceLocation)
 				.providerDetails(assertingParty -> assertingParty
-						.entityId(idpEntityId)
-						.verificationX509Credentials(c -> c.add(idpVerificationCertificate))
-						.singleSignOnServiceLocation(webSsoEndpoint))
+						.entityId(apEntityId)
+						.verificationX509Credentials(c -> c.add(apVerificationCertificate))
+						.singleSignOnServiceLocation(singleSignOnServiceLocation)
+				)
 				.build();
+		return new InMemoryRelyingPartyRegistrationRepository(relyingParty);
 	}
 
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
+			.authorizeRequests(authz -> authz
 				.anyRequest().authenticated()
-				.and()
-			.saml2Login()
-				.relyingPartyRegistrationRepository(
-						new InMemoryRelyingPartyRegistrationRepository(
-							getSaml2AuthenticationConfiguration()
-					)
-				)
+			)
+			.saml2Login(saml2 -> saml2
+				.relyingPartyRegistrationRepository(relyingPartyRegistrations())
 				.loginProcessingUrl("/sample/jc/saml2/sso/{registrationId}")
-		;
+			);
 		// @formatter:on
 	}
 
