From e71392df262be273abcc034ed83165da6aebcdc1 Mon Sep 17 00:00:00 2001 From: Mauro Molinari Date: Thu, 1 Apr 2021 18:57:11 +0200 Subject: [PATCH 1/6] Allow for extension classes to post-process generated XML This change allows for any java-saml consumer to extend the standard classes used to generate SAML messages (AuthnRequest, LogoutRequest and LogoutResponse), as well as the metadata, and provide their own logic to post-process the default XML produced by java-saml. Any extension class will then be able to transform or enrich the generated XML as required, before the framework applies encoding, encryption or signing. --- .../onelogin/saml2/authn/AuthnRequest.java | 20 ++++++++++++++++- .../onelogin/saml2/logout/LogoutRequest.java | 22 ++++++++++++++++++- .../onelogin/saml2/logout/LogoutResponse.java | 20 ++++++++++++++++- .../com/onelogin/saml2/settings/Metadata.java | 20 ++++++++++++++++- .../saml2/test/authn/AuthnRequestTest.java | 19 ++++++++++++++++ .../saml2/test/logout/LogoutRequestTest.java | 19 ++++++++++++++++ .../saml2/test/logout/LogoutResponseTest.java | 20 +++++++++++++++++ .../saml2/test/settings/MetadataTest.java | 19 ++++++++++++++++ 8 files changed, 155 insertions(+), 4 deletions(-) diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index 946d07d7..2483ea5e 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java @@ -101,7 +101,7 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv this.nameIdValueReq = nameIdValueReq; StrSubstitutor substitutor = generateSubstitutor(settings); - authnRequestString = substitutor.replace(getAuthnRequestTemplate()); + authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate())); LOGGER.debug("AuthNRequest --> " + authnRequestString); } 
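Review bot: The value returned by `postProcessXml` is assigned to `authnRequestString` without any check, so an override that returns null would presumably only fail later, when the request is encoded or signed, far from the extension that caused it. Failing at the call site is cheap: `authnRequestString = Objects.requireNonNull(postProcessXml(substitutor.replace(getAuthnRequestTemplate())), "postProcessXml returned null");` (needs `java.util.Objects`). The `LOGGER.debug` line that follows now prints the post-processed XML, so anything an extension adds to the message also reaches the debug log. The same unchecked assignment is introduced at the LogoutRequest, LogoutResponse.build and Metadata call sites in this patch. The constructor body starts and ends outside the hunk.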
@@ -121,6 +121,24 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv this(settings, forceAuthn, isPassive, setNameIdPolicy, null); } + /** + * Allows for an extension class to post-process the AuthnRequest XML generated + * for this request, in order to customize the result. + *

+ * This method is invoked at construction time, after all the other fields of + * this class have already been initialised. Its default implementation simply + * returns the input XML as-is, with no change. + * + * @param authRequestXml + * the XML produced for this AuthnRequest by the standard + * implementation provided by {@link AuthnRequest} + * @return the post-processed XML for this AuthnRequest, which will then be + * returned by any call to {@link #getAuthnRequestXml()} + */ + protected String postProcessXml(final String authRequestXml) { + return authRequestXml; + } + /** * @return the base64 encoded unsigned AuthnRequest (deflated or not) * diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java index e72e8914..c1572e09 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java @@ -139,7 +139,7 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, this.sessionIndex = sessionIndex; StrSubstitutor substitutor = generateSubstitutor(settings); - logoutRequestString = substitutor.replace(getLogoutRequestTemplate()); + logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate())); } else { logoutRequestString = Util.base64decodedInflated(samlLogoutRequest); Document doc = Util.loadXML(logoutRequestString); @@ -224,6 +224,26 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request) { this(settings, request, null, null); } + /** + * Allows for an extension class to post-process the LogoutRequest XML generated + * for this request, in order to customize the result. + *
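Review bot: The new Javadoc says the hook runs after the fields of this class are initialised, but it omits that the subclass's own fields are not: the call is made from the `AuthnRequest` constructor, so an override executes before the subclass constructor body and field initialisers have run. I would add a sentence such as `Because this method is called from the constructor, overrides must not rely on instance fields declared by the subclass.` It would also help to state that values already held by this object are not re-read from the returned XML; an override that rewrites the request ID, for example, would presumably leave `getId()` out of step with the message actually sent, which matters to callers that keep the ID to match a later response (confirm against the getters outside this hunk). The same caveat applies to the `postProcessXml` Javadoc added to LogoutRequest and Metadata in this patch.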

+ * This method is invoked at construction time when no existing LogoutRequest + * message is found in the HTTP request (and hence in the logout request sending + * scenario only), after all the other fields of this class have already been + * initialised. Its default implementation simply returns the input XML as-is, + * with no change. + * + * @param logoutRequestXml + * the XML produced for this LogoutRequest by the standard + * implementation provided by {@link LogoutRequest} + * @return the post-processed XML for this LogoutRequest, which will then be + * returned by any call to {@link #getLogoutRequestXml()} + */ + protected String postProcessXml(final String logoutRequestXml) { + return logoutRequestXml; + } + /** * @return the base64 encoded unsigned Logout Request (deflated or not) * diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java index 9ebfc33a..38814ff7 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java @@ -364,7 +364,7 @@ public void build(String inResponseTo, String statusCode) { this.inResponseTo = inResponseTo; StrSubstitutor substitutor = generateSubstitutor(settings, statusCode); - this.logoutResponseString = substitutor.replace(getLogoutResponseTemplate()); + this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate())); } /** @@ -385,6 +385,24 @@ public void build() { build(null); } + /** + * Allows for an extension class to post-process the LogoutResponse XML + * generated for this response, in order to customize the result. + *

+ * This method is invoked by {@link #build(String, String)} (and all of its + * overloadings) and hence only in the logout response sending scenario. Its + * default implementation simply returns the input XML as-is, with no change. + * + * @param logoutResponseXml + * the XML produced for this LogoutResponse by the standard + * implementation provided by {@link LogoutResponse} + * @return the post-processed XML for this LogoutResponse, which will then be + * returned by any call to {@link #getLogoutResponseXml()} + */ + protected String postProcessXml(final String logoutResponseXml) { + return logoutResponseXml; + } + /** * Substitutes LogoutResponse variables within a string by values. * diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index 7d6e8d91..42183441 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java @@ -109,11 +109,29 @@ public Metadata(Saml2Settings settings) throws CertificateEncodingException { this.cacheDuration = SECONDS_CACHED; StrSubstitutor substitutor = generateSubstitutor(settings); - String unsignedMetadataString = substitutor.replace(getMetadataTemplate()); + String unsignedMetadataString = postProcessXml(substitutor.replace(getMetadataTemplate())); LOGGER.debug("metadata --> " + unsignedMetadataString); metadataString = unsignedMetadataString; } + + /** + * Allows for an extension class to post-process the SAML metadata XML generated + * for this metadata instance, in order to customize the result. + *

+ * This method is invoked at construction time, after all the other fields of + * this class have already been initialised. Its default implementation simply + * returns the input XML as-is, with no change. + * + * @param metadataXml + * the XML produced for this metadata instance by the standard + * implementation provided by {@link Metadata} + * @return the post-processed XML for this metadata instance, which will then be + * returned by any call to {@link #getMetadataString()} + */ + protected String postProcessXml(final String metadataXml) { + return metadataXml; + } /** * Substitutes metadata variables within a string by values. diff --git a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java index 7b31a111..31fd4f55 100644 --- a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java +++ b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java @@ -382,4 +382,23 @@ public void testAuthNDestination() throws Exception { assertThat(authnRequestStr, containsString(" Date: Wed, 7 Apr 2021 10:33:23 +0200 Subject: [PATCH 2/6] Add protected getter for settings to ease extension The various SAML message and metadata object classes have now a protected getter that allows for subclasses to access the settings specified at construction time. This is useful to ease extension, for instance when implementing postProcessXml, so that extensions don't need to save their own copy of the settings. --- .../com/onelogin/saml2/authn/AuthnRequest.java | 9 +++++++++ .../com/onelogin/saml2/authn/SamlResponse.java | 17 +++++++++++++---- .../onelogin/saml2/logout/LogoutRequest.java | 9 +++++++++ .../onelogin/saml2/logout/LogoutResponse.java | 9 +++++++++ .../com/onelogin/saml2/settings/Metadata.java | 17 ++++++++++++++++- 5 files changed, 56 insertions(+), 5 deletions(-) 
diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index 2483ea5e..bd68ddea 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java @@ -288,4 +288,13 @@ public String getId() public Calendar getIssueInstant() { return issueInstant == null? null: (Calendar) issueInstant.clone(); } + + /** + * Returns the SAML settings specified at construction time. + * + * @return the SAML settings + */ + protected Saml2Settings getSettings() { + return settings; + } } diff --git a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java index b3022acb..364813d1 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java +++ b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java @@ -41,13 +41,13 @@ */ public class SamlResponse { /** - * Private property to construct a logger for this class. - */ + * Private property to construct a logger for this class. + */ private static final Logger LOGGER = LoggerFactory.getLogger(SamlResponse.class); /** - * Settings data. - */ + * Settings data. + */ private final Saml2Settings settings; /** @@ -1322,4 +1322,13 @@ public Calendar getResponseIssueInstant() throws ValidationError { } return result; } + + /** + * Returns the SAML settings specified at construction time. + * + * @return the SAML settings + */ + protected Saml2Settings getSettings() { + return settings; + } } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java index c1572e09..be30bf83 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java 
@@ -829,4 +829,13 @@ public String getId() public Calendar getIssueInstant() { return issueInstant == null? null: (Calendar) issueInstant.clone(); } + + /** + * Returns the SAML settings specified at construction time. + * + * @return the SAML settings + */ + protected Saml2Settings getSettings() { + return settings; + } } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java index 38814ff7..39ba1ce0 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java @@ -534,4 +534,13 @@ public Calendar getIssueInstant() throws ValidationError { } else return issueInstant == null? null: (Calendar) issueInstant.clone(); } + + /** + * Returns the SAML settings specified at construction time. + * + * @return the SAML settings + */ + protected Saml2Settings getSettings() { + return settings; + } } diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index 42183441..67ec0b55 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java @@ -62,6 +62,11 @@ public class Metadata { */ private final Integer cacheDuration; + /** + * Settings data. + */ + private final Saml2Settings settings; + /** * Constructs the Metadata object. * @@ -72,6 +77,7 @@ public class Metadata { * @throws CertificateEncodingException */ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDuration, AttributeConsumingService attributeConsumingService) throws CertificateEncodingException { + this.settings = settings; this.validUntilTime = validUntilTime; this.attributeConsumingService = attributeConsumingService; this.cacheDuration = cacheDuration; 
@@ -102,7 +108,7 @@ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDu * @throws CertificateEncodingException */ public Metadata(Saml2Settings settings) throws CertificateEncodingException { - + this.settings = settings; this.validUntilTime = Calendar.getInstance(); this.validUntilTime.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL); @@ -407,4 +413,13 @@ public static String signMetadata(String metadata, PrivateKey key, X509Certifica LOGGER.debug("Signed metadata --> " + signedMetadata); return signedMetadata; } + + /** + * Returns the SAML settings specified at construction time. + * + * @return the SAML settings + */ + protected Saml2Settings getSettings() { + return settings; + } } From ce574274c886104d40f5b8c0fbc002d388274458 Mon Sep 17 00:00:00 2001 From: Mauro Molinari Date: Tue, 6 Apr 2021 14:57:29 +0200 Subject: [PATCH 3/6] Fix typo in postProcessXml input parameter name --- .../main/java/com/onelogin/saml2/authn/AuthnRequest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index bd68ddea..c40b705f 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java 
@@ -129,14 +129,14 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv * this class have already been initialised. Its default implementation simply * returns the input XML as-is, with no change. * - * @param authRequestXml + * @param authnRequestXml * the XML produced for this AuthnRequest by the standard * implementation provided by {@link AuthnRequest} * @return the post-processed XML for this AuthnRequest, which will then be * returned by any call to {@link #getAuthnRequestXml()} */ - protected String postProcessXml(final String authRequestXml) { - return authRequestXml; + protected String postProcessXml(final String authnRequestXml) { + return authnRequestXml; } /** From 75acb1915a9df8a0a7987ab31f9e37c2504dc0b4 Mon Sep 17 00:00:00 2001 From: Mauro Molinari Date: Wed, 7 Apr 2021 15:26:10 +0200 Subject: [PATCH 4/6] Add missing call to postProcessXml in other Metadata constructor --- core/src/main/java/com/onelogin/saml2/settings/Metadata.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index 67ec0b55..dc7a2524 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java @@ -83,7 +83,7 @@ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDu this.cacheDuration = cacheDuration; StrSubstitutor substitutor = generateSubstitutor(settings); - String unsignedMetadataString = substitutor.replace(getMetadataTemplate()); + String unsignedMetadataString = postProcessXml(substitutor.replace(getMetadataTemplate())); LOGGER.debug("metadata --> " + unsignedMetadataString); metadataString = unsignedMetadataString; From 23c12fb12dfe32801cfeaf5be739d52fb101f12e Mon Sep 17 00:00:00 2001 
From: Mauro Molinari Date: Fri, 23 Jul 2021 16:31:18 +0200 Subject: [PATCH 5/6] Revert "Add protected getter for settings to ease extension" This reverts commit 91fb55901b605a2b96468acd677fc71b8aec323a. --- .../com/onelogin/saml2/authn/AuthnRequest.java | 9 --------- .../com/onelogin/saml2/authn/SamlResponse.java | 17 ++++------------- .../onelogin/saml2/logout/LogoutRequest.java | 9 --------- .../onelogin/saml2/logout/LogoutResponse.java | 9 --------- .../com/onelogin/saml2/settings/Metadata.java | 17 +---------------- 5 files changed, 5 insertions(+), 56 deletions(-) diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index c40b705f..b9c23947 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java @@ -288,13 +288,4 @@ public String getId() public Calendar getIssueInstant() { return issueInstant == null? null: (Calendar) issueInstant.clone(); } - - /** - * Returns the SAML settings specified at construction time. - * - * @return the SAML settings - */ - protected Saml2Settings getSettings() { - return settings; - } } diff --git a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java index 364813d1..b3022acb 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java +++ b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java @@ -41,13 +41,13 @@ */ public class SamlResponse { /** - * Private property to construct a logger for this class. - */ + * Private property to construct a logger for this class. + */ private static final Logger LOGGER = LoggerFactory.getLogger(SamlResponse.class); /** - * Settings data. - */ + * Settings data. + */ private final Saml2Settings settings; /** 
@@ -1322,13 +1322,4 @@ public Calendar getResponseIssueInstant() throws ValidationError { } return result; } - - /** - * Returns the SAML settings specified at construction time. - * - * @return the SAML settings - */ - protected Saml2Settings getSettings() { - return settings; - } } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java index be30bf83..c1572e09 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java @@ -829,13 +829,4 @@ public String getId() public Calendar getIssueInstant() { return issueInstant == null? null: (Calendar) issueInstant.clone(); } - - /** - * Returns the SAML settings specified at construction time. - * - * @return the SAML settings - */ - protected Saml2Settings getSettings() { - return settings; - } } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java index 39ba1ce0..38814ff7 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java @@ -534,13 +534,4 @@ public Calendar getIssueInstant() throws ValidationError { } else return issueInstant == null? null: (Calendar) issueInstant.clone(); } - - /** - * Returns the SAML settings specified at construction time. - * - * @return the SAML settings - */ - protected Saml2Settings getSettings() { - return settings; - } } diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index dc7a2524..15056535 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java 
@@ -62,11 +62,6 @@ public class Metadata { */ private final Integer cacheDuration; - /** - * Settings data. - */ - private final Saml2Settings settings; - /** * Constructs the Metadata object. * @@ -77,7 +72,6 @@ public class Metadata { * @throws CertificateEncodingException */ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDuration, AttributeConsumingService attributeConsumingService) throws CertificateEncodingException { - this.settings = settings; this.validUntilTime = validUntilTime; this.attributeConsumingService = attributeConsumingService; this.cacheDuration = cacheDuration; @@ -108,7 +102,7 @@ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDu * @throws CertificateEncodingException */ public Metadata(Saml2Settings settings) throws CertificateEncodingException { - this.settings = settings; + this.validUntilTime = Calendar.getInstance(); this.validUntilTime.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL); @@ -413,13 +407,4 @@ public static String signMetadata(String metadata, PrivateKey key, X509Certifica LOGGER.debug("Signed metadata --> " + signedMetadata); return signedMetadata; } - - /** - * Returns the SAML settings specified at construction time. - * - * @return the SAML settings - */ - protected Saml2Settings getSettings() { - return settings; - } } From 423618a86ee69d28ef6d030e1167135b7f141c0e Mon Sep 17 00:00:00 2001 
From: Mauro Molinari Date: Fri, 23 Jul 2021 16:48:07 +0200 Subject: [PATCH 6/6] Pass settings directly to postProcessXml and improve tests --- .../main/java/com/onelogin/saml2/authn/AuthnRequest.java | 8 +++++--- .../java/com/onelogin/saml2/logout/LogoutRequest.java | 6 ++++-- .../java/com/onelogin/saml2/logout/LogoutResponse.java | 6 ++++-- .../main/java/com/onelogin/saml2/settings/Metadata.java | 8 +++++--- .../com/onelogin/saml2/test/authn/AuthnRequestTest.java | 5 ++++- .../com/onelogin/saml2/test/logout/LogoutRequestTest.java | 5 ++++- .../onelogin/saml2/test/logout/LogoutResponseTest.java | 5 ++++- .../com/onelogin/saml2/test/settings/MetadataTest.java | 6 ++++-- 8 files changed, 34 insertions(+), 15 deletions(-) diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index b9c23947..1d03c749 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java @@ -11,8 +11,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.onelogin.saml2.settings.Saml2Settings; import com.onelogin.saml2.model.Organization; +import com.onelogin.saml2.settings.Saml2Settings; import com.onelogin.saml2.util.Constants; import com.onelogin.saml2.util.Util; @@ -101,7 +101,7 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv this.nameIdValueReq = nameIdValueReq; StrSubstitutor substitutor = generateSubstitutor(settings); - authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate())); + authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), settings); LOGGER.debug("AuthNRequest --> " + authnRequestString); } 
@@ -132,10 +132,12 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv * @param authnRequestXml * the XML produced for this AuthnRequest by the standard * implementation provided by {@link AuthnRequest} + * @param settings + * the settings * @return the post-processed XML for this AuthnRequest, which will then be * returned by any call to {@link #getAuthnRequestXml()} */ - protected String postProcessXml(final String authnRequestXml) { + protected String postProcessXml(final String authnRequestXml, final Saml2Settings settings) { return authnRequestXml; } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java index c1572e09..d09bc9de 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java @@ -139,7 +139,7 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, this.sessionIndex = sessionIndex; StrSubstitutor substitutor = generateSubstitutor(settings); - logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate())); + logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate()), settings); } else { logoutRequestString = Util.base64decodedInflated(samlLogoutRequest); Document doc = Util.loadXML(logoutRequestString); 
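Review bot: `@param settings the settings` does not tell an implementer which settings these are or why they are passed. The call site hands over the constructor's own `settings` argument, so the tag could read `@param settings the settings this AuthnRequest was built from (the same instance passed to the constructor), supplied because the hook runs before a subclass can store its own reference`. The identical tag is added to the LogoutRequest, LogoutResponse and Metadata hooks in this patch and would benefit from the same wording.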
@@ -237,10 +237,12 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request) { * @param logoutRequestXml * the XML produced for this LogoutRequest by the standard * implementation provided by {@link LogoutRequest} + * @param settings + * the settings * @return the post-processed XML for this LogoutRequest, which will then be * returned by any call to {@link #getLogoutRequestXml()} */ - protected String postProcessXml(final String logoutRequestXml) { + protected String postProcessXml(final String logoutRequestXml, final Saml2Settings settings) { return logoutRequestXml; } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java index 38814ff7..b05e70eb 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java @@ -364,7 +364,7 @@ public void build(String inResponseTo, String statusCode) { this.inResponseTo = inResponseTo; StrSubstitutor substitutor = generateSubstitutor(settings, statusCode); - this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate())); + this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate()), settings); } /** @@ -396,10 +396,12 @@ public void build() { * @param logoutResponseXml * the XML produced for this LogoutResponse by the standard * implementation provided by {@link LogoutResponse} + * @param settings + * the settings * @return the post-processed XML for this LogoutResponse, which will then be * returned by any call to {@link #getLogoutResponseXml()} */ - protected String postProcessXml(final String logoutResponseXml) { + protected String postProcessXml(final String logoutResponseXml, final Saml2Settings settings) { return logoutResponseXml; } 
diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index 15056535..ceb9181e 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java @@ -77,7 +77,7 @@ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDu this.cacheDuration = cacheDuration; StrSubstitutor substitutor = generateSubstitutor(settings); - String unsignedMetadataString = postProcessXml(substitutor.replace(getMetadataTemplate())); + String unsignedMetadataString = postProcessXml(substitutor.replace(getMetadataTemplate()), settings); LOGGER.debug("metadata --> " + unsignedMetadataString); metadataString = unsignedMetadataString; @@ -109,7 +109,7 @@ public Metadata(Saml2Settings settings) throws CertificateEncodingException { this.cacheDuration = SECONDS_CACHED; StrSubstitutor substitutor = generateSubstitutor(settings); - String unsignedMetadataString = postProcessXml(substitutor.replace(getMetadataTemplate())); + String unsignedMetadataString = postProcessXml(substitutor.replace(getMetadataTemplate()), settings); LOGGER.debug("metadata --> " + unsignedMetadataString); metadataString = unsignedMetadataString; @@ -126,10 +126,12 @@ public Metadata(Saml2Settings settings) throws CertificateEncodingException { * @param metadataXml * the XML produced for this metadata instance by the standard * implementation provided by {@link Metadata} + * @param settings + * the settings * @return the post-processed XML for this metadata instance, which will then be * returned by any call to {@link #getMetadataString()} */ - protected String postProcessXml(final String metadataXml) { + protected String postProcessXml(final String metadataXml, final Saml2Settings settings) { return metadataXml; } 
diff --git a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java index 31fd4f55..9dabd362 100644 --- a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java +++ b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java @@ -5,6 +5,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertSame; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; @@ -395,7 +396,9 @@ public void testPostProcessXml() throws Exception { Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); AuthnRequest authnRequest = new AuthnRequest(settings) { @Override - protected String postProcessXml(String authRequestXml) { + protected String postProcessXml(String authRequestXml, Saml2Settings sett) { + assertEquals(authRequestXml, super.postProcessXml(authRequestXml, sett)); + assertSame(settings, sett); return "changed"; } }; diff --git a/core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java b/core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java index 5ae2a196..8dcc728f 100644 --- a/core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java +++ b/core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java @@ -5,6 +5,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertSame; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; 
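Review bot: The overriding method's first parameter is still spelled `authRequestXml`, the name that patch 3/6 corrected to `authnRequestXml` in the main class, and the same name is reused in the LogoutRequestTest, LogoutResponseTest and MetadataTest overrides, where the argument is not an AuthnRequest at all. Renaming to `authnRequestXml`, `logoutRequestXml`, `logoutResponseXml` and `metadataXml` keeps the tests aligned with the signatures they override. The assertions placed inside the override only execute if the hook is invoked, so the test relies on the check that follows the anonymous class (outside this hunk) to prove the call happened. `testPostProcessXml` starts and ends outside the hunk.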
@@ -945,7 +946,9 @@ public void testPostProcessXml() throws Exception { Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); LogoutRequest logoutRequest = new LogoutRequest(settings) { @Override - protected String postProcessXml(String authRequestXml) { + protected String postProcessXml(String authRequestXml, Saml2Settings sett) { + assertEquals(authRequestXml, super.postProcessXml(authRequestXml, sett)); + assertSame(settings, sett); return "changed"; } }; diff --git a/core/src/test/java/com/onelogin/saml2/test/logout/LogoutResponseTest.java b/core/src/test/java/com/onelogin/saml2/test/logout/LogoutResponseTest.java index d1f4c349..5f4244a7 100644 --- a/core/src/test/java/com/onelogin/saml2/test/logout/LogoutResponseTest.java +++ b/core/src/test/java/com/onelogin/saml2/test/logout/LogoutResponseTest.java @@ -5,6 +5,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertSame; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; @@ -704,7 +705,9 @@ public void testPostProcessXml() throws Exception { Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); LogoutResponse logoutResponse = new LogoutResponse(settings, null) { @Override - protected String postProcessXml(String authRequestXml) { + protected String postProcessXml(String authRequestXml, Saml2Settings sett) { + assertEquals(authRequestXml, super.postProcessXml(authRequestXml, sett)); + assertSame(settings, sett); return "changed"; } }; diff --git a/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java b/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java index 4075332f..16c20ad5 100644 --- a/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java 
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java @@ -7,7 +7,7 @@ import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertNull; - +import static org.junit.Assert.assertSame; import java.io.IOException; import java.security.GeneralSecurityException; @@ -533,7 +533,9 @@ public void testPostProcessXml() throws Exception { Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); Metadata metadata = new Metadata(settings) { @Override - protected String postProcessXml(String authRequestXml) { + protected String postProcessXml(String authRequestXml, Saml2Settings sett) { + assertEquals(authRequestXml, super.postProcessXml(authRequestXml, sett)); + assertSame(settings, sett); return "changed"; } };