remove: SAML extension library dependency

Co-authored-by: Peter Chen <peter-h.chen@broadcom.com> Co-authored-by: Bruce Ricard <bruce.ricard@broadcom.com> Co-authored-by: Danny Faught <danny.faught@broadcom.com>
cloudfoundry · Mar 20, 2024 · 321cad4 · 321cad4
1 parent d0600be
commit 321cad4
Show file tree

Hide file tree

Showing 65 changed files with 4,393 additions and 4,348 deletions.
diff --git a/dependencies.gradle b/dependencies.gradle
@@ -104,7 +104,7 @@ libraries.springSecurityConfig = "org.springframework.security:spring-security-c
 libraries.springSecurityCore = "org.springframework.security:spring-security-core:${versions.springSecurityVersion}"
 libraries.springSecurityLdap = "org.springframework.security:spring-security-ldap:${versions.springSecurityVersion}"
 libraries.springSecurityOauth = "org.springframework.security.oauth:spring-security-oauth2:${versions.springSecurityOAuthVersion}"
-libraries.springSecuritySaml = "org.springframework.security.extensions:spring-security-saml2-core:${versions.springSecuritySamlVersion}"
+//libraries.springSecuritySaml = "org.springframework.security.extensions:spring-security-saml2-core:${versions.springSecuritySamlVersion}"
 libraries.springSecurityTaglibs = "org.springframework.security:spring-security-taglibs:${versions.springSecurityVersion}"
 libraries.springSecurityTest = "org.springframework.security:spring-security-test:${versions.springSecurityVersion}"
 libraries.springSecurityWeb = "org.springframework.security:spring-security-web:${versions.springSecurityVersion}"

diff --git a/server/build.gradle b/server/build.gradle
@@ -25,10 +25,10 @@ dependencies {
     implementation(libraries.owaspEsapi) {
         transitive = false
     }
-    implementation(libraries.springSecuritySaml) {
-        exclude(module: "bcprov-ext-jdk15on")
-        exclude(module: "xalan")
-    }
+//    implementation(libraries.springSecuritySaml) {
+//        exclude(module: "bcprov-ext-jdk15on")
+//        exclude(module: "xalan")
+//    }
     implementation(libraries.jodaTime)
     implementation(libraries.commonsHttpClient)
     implementation(libraries.xmlSecurity)

diff --git a/...dry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilter.java b/...dry/identity/uaa/authentication/BackwardsCompatibleTokenEndpointAuthenticationFilter.java
@@ -32,7 +32,7 @@
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
-import org.springframework.security.saml.SAMLProcessingFilter;
+//import org.springframework.security.saml.SAMLProcessingFilter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 
@@ -66,25 +66,25 @@ public class BackwardsCompatibleTokenEndpointAuthenticationFilter implements Fil
 
     private final OAuth2RequestFactory oAuth2RequestFactory;
 
-    private final SAMLProcessingFilter samlAuthenticationFilter;
+//    private final SAMLProcessingFilter samlAuthenticationFilter;
 
     private final ExternalOAuthAuthenticationManager externalOAuthAuthenticationManager;
 
     public BackwardsCompatibleTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager,
                                                                 OAuth2RequestFactory oAuth2RequestFactory) {
-        this(authenticationManager, oAuth2RequestFactory, null, null);
+        this(authenticationManager, oAuth2RequestFactory, null);
     }
     /**
      * @param authenticationManager an AuthenticationManager for the incoming request
      */
     public BackwardsCompatibleTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager,
                                                                 OAuth2RequestFactory oAuth2RequestFactory,
-                                                                SAMLProcessingFilter samlAuthenticationFilter,
+//                                                                SAMLProcessingFilter samlAuthenticationFilter,
                                                                 ExternalOAuthAuthenticationManager externalOAuthAuthenticationManager) {
         super();
         this.authenticationManager = authenticationManager;
         this.oAuth2RequestFactory = oAuth2RequestFactory;
-        this.samlAuthenticationFilter = samlAuthenticationFilter;
+//        this.samlAuthenticationFilter = samlAuthenticationFilter;
         this.externalOAuthAuthenticationManager = externalOAuthAuthenticationManager;
     }
 
@@ -218,15 +218,15 @@ protected Authentication attemptTokenAuthentication(HttpServletRequest request,
 
             return authResult;
         } else if (GRANT_TYPE_SAML2_BEARER.equals(grantType)) {
-            logger.debug(GRANT_TYPE_SAML2_BEARER +" found. Attempting authentication with assertion");
-            String assertion = request.getParameter("assertion");
-            if (assertion != null && samlAuthenticationFilter != null) {
-                logger.debug("Attempting SAML authentication for token endpoint.");
-                authResult = samlAuthenticationFilter.attemptAuthentication(request, response);
-            } else {
-                logger.debug("No assertion or filter, not attempting SAML authentication for token endpoint.");
-                throw new InsufficientAuthenticationException("SAML Assertion is missing");
-            }
+//            logger.debug(GRANT_TYPE_SAML2_BEARER +" found. Attempting authentication with assertion");
+//            String assertion = request.getParameter("assertion");
+//            if (assertion != null && samlAuthenticationFilter != null) {
+//                logger.debug("Attempting SAML authentication for token endpoint.");
+//                authResult = samlAuthenticationFilter.attemptAuthentication(request, response);
+//            } else {
+//                logger.debug("No assertion or filter, not attempting SAML authentication for token endpoint.");
+//                throw new InsufficientAuthenticationException("SAML Assertion is missing");
+//            }
         } else if (GRANT_TYPE_JWT_BEARER.equals(grantType)) {
             logger.debug(GRANT_TYPE_JWT_BEARER +" found. Attempting authentication with assertion");
             String assertion = request.getParameter("assertion");

diff --git a/.../java/org/cloudfoundry/identity/uaa/authentication/RedirectSavingSamlContextProvider.java b/.../java/org/cloudfoundry/identity/uaa/authentication/RedirectSavingSamlContextProvider.java
@@ -2,45 +2,45 @@
 
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.flywaydb.core.internal.util.StringUtils;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.springframework.security.saml.context.SAMLContextProvider;
-import org.springframework.security.saml.context.SAMLMessageContext;
+//import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+//import org.springframework.security.saml.context.SAMLContextProvider;
+//import org.springframework.security.saml.context.SAMLMessageContext;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
 import java.util.Map;
 
-public class RedirectSavingSamlContextProvider implements SAMLContextProvider {
-
-    private final SAMLContextProvider contextProviderDelegate;
-
-    public RedirectSavingSamlContextProvider(SAMLContextProvider contextProviderDelegate) {
-        this.contextProviderDelegate = contextProviderDelegate;
-    }
-
-    @Override
-    public SAMLMessageContext getLocalEntity(HttpServletRequest request, HttpServletResponse response) throws MetadataProviderException {
-        SAMLMessageContext context = contextProviderDelegate.getLocalEntity(request, response);
-        return setRelayState(request, context);
-    }
-
-    @Override
-    public SAMLMessageContext getLocalAndPeerEntity(HttpServletRequest request, HttpServletResponse response) throws MetadataProviderException {
-        SAMLMessageContext context = contextProviderDelegate.getLocalAndPeerEntity(request, response);
-        return setRelayState(request, context);
-    }
-
-    private static SAMLMessageContext setRelayState(HttpServletRequest request, SAMLMessageContext context) {
-        Map<String, String> params = new HashMap<>();
-
-        String redirectUri = request.getParameter("redirect");
-        if(StringUtils.hasText(redirectUri)) { params.put("redirect", redirectUri); }
-
-        String clientId = request.getParameter("client_id");
-        if(StringUtils.hasText(clientId)) { params.put("client_id", clientId); }
-
-        context.setRelayState(JsonUtils.writeValueAsString(params));
-        return context;
-    }
+public class RedirectSavingSamlContextProvider /* implements SAMLContextProvider */ {
+
+//    private final SAMLContextProvider contextProviderDelegate;
+
+//    public RedirectSavingSamlContextProvider(SAMLContextProvider contextProviderDelegate) {
+//        this.contextProviderDelegate = contextProviderDelegate;
+//    }
+
+//    @Override
+//    public SAMLMessageContext getLocalEntity(HttpServletRequest request, HttpServletResponse response) throws MetadataProviderException {
+//        SAMLMessageContext context = contextProviderDelegate.getLocalEntity(request, response);
+//        return setRelayState(request, context);
+//    }
+
+//    @Override
+//    public SAMLMessageContext getLocalAndPeerEntity(HttpServletRequest request, HttpServletResponse response) throws MetadataProviderException {
+//        SAMLMessageContext context = contextProviderDelegate.getLocalAndPeerEntity(request, response);
+//        return setRelayState(request, context);
+//    }
+
+//    private static SAMLMessageContext setRelayState(HttpServletRequest request, SAMLMessageContext context) {
+//        Map<String, String> params = new HashMap<>();
+//
+//        String redirectUri = request.getParameter("redirect");
+//        if(StringUtils.hasText(redirectUri)) { params.put("redirect", redirectUri); }
+//
+//        String clientId = request.getParameter("client_id");
+//        if(StringUtils.hasText(clientId)) { params.put("client_id", clientId); }
+//
+//        context.setRelayState(JsonUtils.writeValueAsString(params));
+//        return context;
+//    }
 }
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/SamlAssertionBinding.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/SamlAssertionBinding.java
@@ -15,24 +15,24 @@
 
 package org.cloudfoundry.identity.uaa.authentication;
 
-import org.opensaml.ws.message.decoder.MessageDecoder;
-import org.opensaml.ws.message.encoder.MessageEncoder;
-import org.opensaml.ws.transport.InTransport;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.ws.transport.http.HTTPTransport;
-import org.opensaml.xml.parse.ParserPool;
-import org.springframework.security.saml.processor.HTTPPostBinding;
+//import org.opensaml.ws.message.decoder.MessageDecoder;
+//import org.opensaml.ws.message.encoder.MessageEncoder;
+//import org.opensaml.ws.transport.InTransport;
+//import org.opensaml.ws.transport.http.HTTPInTransport;
+//import org.opensaml.ws.transport.http.HTTPTransport;
+//import org.opensaml.xml.parse.ParserPool;
+//import org.springframework.security.saml.processor.HTTPPostBinding;
 
-public class SamlAssertionBinding extends HTTPPostBinding {
+public class SamlAssertionBinding /* extends HTTPPostBinding */ {
 
     /**
      * Creates default implementation of the binding.
      *
      * @param parserPool     parserPool for message deserialization
      */
-    public SamlAssertionBinding(ParserPool parserPool) {
-        this(parserPool, new SamlAssertionDecoder(parserPool), null);
-    }
+//    public SamlAssertionBinding(ParserPool parserPool) {
+//        this(parserPool, new SamlAssertionDecoder(parserPool), null);
+//    }
 
     /**
      * Implementation of the binding with custom encoder and decoder.
@@ -41,22 +41,22 @@ public SamlAssertionBinding(ParserPool parserPool) {
      * @param decoder custom decoder implementation
      * @param encoder custom encoder implementation
      */
-    public SamlAssertionBinding(ParserPool parserPool, MessageDecoder decoder, MessageEncoder encoder) {
-        super(parserPool, decoder, encoder);
-    }
+//    public SamlAssertionBinding(ParserPool parserPool, MessageDecoder decoder, MessageEncoder encoder) {
+//        super(parserPool, decoder, encoder);
+//    }
 
-    @Override
-    public boolean supports(InTransport transport) {
-        if (transport instanceof HTTPInTransport) {
-            HTTPTransport t = (HTTPTransport) transport;
-            return "POST".equalsIgnoreCase(t.getHTTPMethod()) && t.getParameterValue("assertion") != null;
-        } else {
-            return false;
-        }
-    }
+//    @Override
+//    public boolean supports(InTransport transport) {
+//        if (transport instanceof HTTPInTransport) {
+//            HTTPTransport t = (HTTPTransport) transport;
+//            return "POST".equalsIgnoreCase(t.getHTTPMethod()) && t.getParameterValue("assertion") != null;
+//        } else {
+//            return false;
+//        }
+//    }
 
-    @Override
-    public String getBindingURI() {
-        return "urn:oasis:names:tc:SAML:2.0:bindings:URI";
-    }
+//    @Override
+//    public String getBindingURI() {
+//        return "urn:oasis:names:tc:SAML:2.0:bindings:URI";
+//    }
 }