Skip to content

Commit 861368b

Browse files
marcusdacoregiomarcusdacoregio
committed
Make Saml2AuthenticationRequests serializable
Closes gh-10550
1 parent f94090a commit 861368b

File tree

3 files changed

+118
-2
lines changed

3 files changed

+118
-2
lines changed

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2020 the original author or authors.
2+
* Copyright 2002-2022 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -16,8 +16,10 @@
1616

1717
package org.springframework.security.saml2.provider.service.authentication;
1818

19+
import java.io.Serializable;
1920
import java.nio.charset.Charset;
2021

22+
import org.springframework.security.core.SpringSecurityCoreVersion;
2123
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
2224
import org.springframework.util.Assert;
2325

@@ -34,7 +36,9 @@
3436
* @see Saml2AuthenticationRequestFactory#createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
3537
* @see Saml2AuthenticationRequestFactory#createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)
3638
*/
37-
public abstract class AbstractSaml2AuthenticationRequest {
39+
public abstract class AbstractSaml2AuthenticationRequest implements Serializable {
40+
41+
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
3842

3943
private final String samlRequest;
4044

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequestTests.java

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
/*
2+
* Copyright 2002-2022 the original author or authors.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* https://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package org.springframework.security.saml2.provider.service.authentication;
18+
19+
import org.junit.jupiter.api.Test;
20+
21+
import org.springframework.util.SerializationUtils;
22+
23+
import static org.assertj.core.api.Assertions.assertThat;
24+
25+
class Saml2PostAuthenticationRequestTests {
26+
27+
private static final String IDP_SSO_URL = "https://sso-url.example.com/IDP/SSO";
28+
29+
@Test
30+
void serializeWhenDeserializeThenSameFields() {
31+
Saml2PostAuthenticationRequest authenticationRequest = getAuthenticationRequestBuilder().build();
32+
byte[] bytes = SerializationUtils.serialize(authenticationRequest);
33+
Saml2PostAuthenticationRequest deserializedAuthenticationRequest = (Saml2PostAuthenticationRequest) SerializationUtils
34+
.deserialize(bytes);
35+
assertThat(deserializedAuthenticationRequest).usingRecursiveComparison().isEqualTo(authenticationRequest);
36+
}
37+
38+
@Test
39+
void serializeWhenDeserializeAndCompareToOtherThenNotSame() {
40+
Saml2PostAuthenticationRequest authenticationRequest = getAuthenticationRequestBuilder().build();
41+
Saml2PostAuthenticationRequest otherAuthenticationRequest = getAuthenticationRequestBuilder()
42+
.relayState("relay").build();
43+
byte[] bytes = SerializationUtils.serialize(otherAuthenticationRequest);
44+
Saml2PostAuthenticationRequest deserializedAuthenticationRequest = (Saml2PostAuthenticationRequest) SerializationUtils
45+
.deserialize(bytes);
46+
assertThat(deserializedAuthenticationRequest).usingRecursiveComparison().isNotEqualTo(authenticationRequest);
47+
}
48+
49+
private Saml2PostAuthenticationRequest.Builder getAuthenticationRequestBuilder() {
50+
return Saml2PostAuthenticationRequest
51+
.withAuthenticationRequestContext(
52+
TestSaml2AuthenticationRequestContexts.authenticationRequestContext().build())
53+
.samlRequest("request").authenticationRequestUri(IDP_SSO_URL);
54+
}
55+
56+
}

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequestTests.java

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
/*
2+
* Copyright 2002-2022 the original author or authors.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* https://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package org.springframework.security.saml2.provider.service.authentication;
18+
19+
import org.junit.jupiter.api.Test;
20+
21+
import org.springframework.util.SerializationUtils;
22+
23+
import static org.assertj.core.api.Assertions.assertThat;
24+
25+
class Saml2RedirectAuthenticationRequestTests {
26+
27+
private static final String IDP_SSO_URL = "https://sso-url.example.com/IDP/SSO";
28+
29+
@Test
30+
void serializeWhenDeserializeThenSameFields() {
31+
Saml2RedirectAuthenticationRequest authenticationRequest = getAuthenticationRequestBuilder().build();
32+
byte[] bytes = SerializationUtils.serialize(authenticationRequest);
33+
Saml2RedirectAuthenticationRequest deserializedAuthenticationRequest = (Saml2RedirectAuthenticationRequest) SerializationUtils
34+
.deserialize(bytes);
35+
assertThat(deserializedAuthenticationRequest).usingRecursiveComparison().isEqualTo(authenticationRequest);
36+
}
37+
38+
@Test
39+
void serializeWhenDeserializeAndCompareToOtherThenNotSame() {
40+
Saml2RedirectAuthenticationRequest authenticationRequest = getAuthenticationRequestBuilder().build();
41+
Saml2RedirectAuthenticationRequest otherAuthenticationRequest = getAuthenticationRequestBuilder()
42+
.relayState("relay").build();
43+
byte[] bytes = SerializationUtils.serialize(otherAuthenticationRequest);
44+
Saml2RedirectAuthenticationRequest deserializedAuthenticationRequest = (Saml2RedirectAuthenticationRequest) SerializationUtils
45+
.deserialize(bytes);
46+
assertThat(deserializedAuthenticationRequest).usingRecursiveComparison().isNotEqualTo(authenticationRequest);
47+
}
48+
49+
private Saml2RedirectAuthenticationRequest.Builder getAuthenticationRequestBuilder() {
50+
return Saml2RedirectAuthenticationRequest
51+
.withAuthenticationRequestContext(
52+
TestSaml2AuthenticationRequestContexts.authenticationRequestContext().build())
53+
.samlRequest("request").authenticationRequestUri(IDP_SSO_URL);
54+
}
55+
56+
}

0 commit comments

Comments
 (0)