Skip to content

Commit 3540dee

Browse files
jzheauxjzheaux
committed
Merge branch '6.1.x'
Closes gh-13701
2 parents 9c599fa + 321deb3 commit 3540dee

File tree

2 files changed

+30
-16
lines changed

2 files changed

+30
-16
lines changed

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/RequestMatcherMetadataResponseResolver.java

Lines changed: 10 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,6 @@
1919
import java.io.UnsupportedEncodingException;
2020
import java.net.URLEncoder;
2121
import java.nio.charset.StandardCharsets;
22-
import java.util.ArrayList;
23-
import java.util.Collection;
2422
import java.util.Collections;
2523
import java.util.LinkedHashMap;
2624
import java.util.Map;
@@ -126,21 +124,19 @@ private Saml2MetadataResponse responseByIterable(HttpServletRequest request,
126124
Iterable<RelyingPartyRegistration> registrations) {
127125
Map<String, RelyingPartyRegistration> results = new LinkedHashMap<>();
128126
for (RelyingPartyRegistration registration : registrations) {
129-
results.put(registration.getEntityId(), registration);
130-
}
131-
Collection<RelyingPartyRegistration> resolved = new ArrayList<>();
132-
for (RelyingPartyRegistration registration : results.values()) {
133127
UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
134128
String entityId = uriResolver.resolve(registration.getEntityId());
135-
String ssoLocation = uriResolver.resolve(registration.getAssertionConsumerServiceLocation());
136-
String sloLocation = uriResolver.resolve(registration.getSingleLogoutServiceLocation());
137-
String sloResponseLocation = uriResolver.resolve(registration.getSingleLogoutServiceResponseLocation());
138-
resolved.add(registration.mutate().entityId(entityId).assertionConsumerServiceLocation(ssoLocation)
139-
.singleLogoutServiceLocation(sloLocation).singleLogoutServiceResponseLocation(sloResponseLocation)
140-
.build());
129+
results.computeIfAbsent(entityId, (e) -> {
130+
String ssoLocation = uriResolver.resolve(registration.getAssertionConsumerServiceLocation());
131+
String sloLocation = uriResolver.resolve(registration.getSingleLogoutServiceLocation());
132+
String sloResponseLocation = uriResolver.resolve(registration.getSingleLogoutServiceResponseLocation());
133+
return registration.mutate().entityId(entityId).assertionConsumerServiceLocation(ssoLocation)
134+
.singleLogoutServiceLocation(sloLocation)
135+
.singleLogoutServiceResponseLocation(sloResponseLocation).build();
136+
});
141137
}
142-
String metadata = this.metadata.resolve(resolved);
143-
String value = (resolved.size() == 1) ? resolved.iterator().next().getRegistrationId()
138+
String metadata = this.metadata.resolve(results.values());
139+
String value = (results.size() == 1) ? results.values().iterator().next().getRegistrationId()
144140
: UUID.randomUUID().toString();
145141
String fileName = this.filename.replace("{registrationId}", value);
146142
try {

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/RequestMatcherMetadataResponseResolverTests.java

Lines changed: 20 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020

2121
import org.junit.jupiter.api.Test;
2222
import org.junit.jupiter.api.extension.ExtendWith;
23+
import org.mockito.ArgumentCaptor;
2324
import org.mockito.Mock;
2425
import org.mockito.junit.jupiter.MockitoExtension;
2526

@@ -101,15 +102,32 @@ void resolveWhenRequestDoesNotMatchThenNull() {
101102
assertThat(resolver.resolve(new MockHttpServletRequest())).isNull();
102103
}
103104

105+
// gh-13700
106+
@Test
107+
void resolveWhenNoRegistrationIdThenResolvesEntityIds() {
108+
RelyingPartyRegistration one = withEntityId("one");
109+
RelyingPartyRegistration two = withEntityId("two");
110+
RelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository(one, two);
111+
RequestMatcherMetadataResponseResolver resolver = new RequestMatcherMetadataResponseResolver(registrations,
112+
this.metadataFactory);
113+
given(this.metadataFactory.resolve(any(Collection.class))).willReturn("metadata");
114+
resolver.resolve(get("/saml2/metadata"));
115+
ArgumentCaptor<Collection<RelyingPartyRegistration>> captor = ArgumentCaptor.forClass(Collection.class);
116+
verify(this.metadataFactory).resolve(captor.capture());
117+
Collection<RelyingPartyRegistration> resolved = captor.getValue();
118+
assertThat(resolved).hasSize(2);
119+
assertThat(resolved.iterator().next().getEntityId()).isEqualTo("one");
120+
}
121+
104122
private MockHttpServletRequest get(String uri) {
105123
MockHttpServletRequest request = new MockHttpServletRequest("GET", uri);
106124
request.setServletPath(uri);
107125
return request;
108126
}
109127

110128
private RelyingPartyRegistration withEntityId(String entityId) {
111-
return TestRelyingPartyRegistrations.relyingPartyRegistration().registrationId(entityId).entityId(entityId)
112-
.build();
129+
return TestRelyingPartyRegistrations.relyingPartyRegistration().registrationId(entityId)
130+
.entityId("{registrationId}").build();
113131
}
114132

115133
}

0 commit comments

Comments
 (0)