Description
Related to #8356
In order for implementations of `Saml2AuthenticationRequestFactory` to take advantage of custom `Saml2AuthenticationRequestContext` instances, an application needs to create a custom filter, replacing `Saml2WebSsoAuthenticationRequestFilter`.

It would be simpler to have an API dedicated to resolving the `Saml2AuthenticationRequestContext` from the `HttpServletRequest` and `RelyingPartyRegistration`:
```java
@Component
public class MyAuthenticationRequestContextResolver
        implements Saml2AuthenticationRequestContextResolver {

    private final Saml2AuthenticationRequestContextResolver delegate =
            new DefaultSaml2AuthenticationRequestContextResolver();

    @Override
    public Saml2AuthenticationRequestContext resolve(HttpServletRequest request,
            RelyingPartyRegistration relyingParty) {
        // Flag is set whenever the incoming request carries a "force" parameter
        boolean isForceAuthn = request.getParameter("force") != null;
        // Let the default resolver build the context, then wrap it with the extra flag
        Saml2AuthenticationRequestContext context = this.delegate.resolve(request, relyingParty);
        return new MyAuthenticationRequestContext(context, isForceAuthn);
    }
}
```

The default implementation should extract the logic for formulating the `Saml2AuthenticationRequestContext` from `Saml2WebSsoAuthenticationRequestFilter`.

`Saml2WebSsoAuthenticationRequestFilter` should use the `DefaultSaml2AuthenticationRequestContextResolver` by default and have a setter for configuring a `Saml2AuthenticationRequestContextResolver` instance.

The interface and default implementation should be in `org.springframework.security.saml2.provider.service.web`. Note that the implementation currently in `Saml2WebSsoAuthenticationRequestFilter` refers to some package-private utility classes. They are rather small, so it will probably be best to inline them into `DefaultSaml2AuthenticationRequestContextResolver` for the time being.