Java Code Examples for org.springframework.security.saml.metadata.ExtendedMetadataDelegate

The following examples show how to use org.springframework.security.saml.metadata.ExtendedMetadataDelegate. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: blackduck-alert   Source File: SAMLManager.java    License: Apache License 2.0 6 votes vote down vote up
public void updateSAMLConfiguration(boolean samlEnabled, String metadataURL, String entityId, String entityBaseUrl) {
    try {
        logger.debug("SAML Config Update.");
        List<ExtendedMetadataDelegate> currentProviders = metadataManager.getAvailableProviders();
        currentProviders.forEach(ExtendedMetadataDelegate::destroy);
        metadataManager.setProviders(List.of());
        metadataManager.setDefaultIDP(null);
        metadataManager.setHostedSPName(null);
        metadataManager.afterPropertiesSet();
        metadataGenerator.setEntityId(null);
        metadataGenerator.setEntityBaseURL(null);
        logger.debug("SAML cleared configuration.");
        if (samlEnabled) {
            setupMetadataManager(metadataURL, entityId, entityBaseUrl);
        }
    } catch (Exception e) {
        logger.error("Error updating the SAML identity provider.", e);
    }
}
 
Example 2
/**
 * Provide IDP Metadata
 * 
 * @return
 * @throws MetadataProviderException
 */
@Bean
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public ExtendedMetadataDelegate idpMetadata() throws MetadataProviderException {

	Timer backgroundTaskTimer = new Timer(true);

	HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(),
			singleSignOnConfig.getMetadataUrl());

	httpMetadataProvider.setParserPool(parserPool());

	ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider,
			extendedMetadata());
	extendedMetadataDelegate.setMetadataTrustCheck(true);
	extendedMetadataDelegate.setMetadataRequireSignature(true);
	return extendedMetadataDelegate;
}
 
Example 3
@Test
public void configure_constructor() throws Exception {
    MetadataManager metadataManager = mock(MetadataManager.class);
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer(metadataManager));
    configurer.setBuilder(builder);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties, never()).getDefaultIdp();
    verify(metadataManagerProperties, never()).getHostedSpName();
    verify(metadataManagerProperties, never()).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isExactlyInstanceOf(ResourceBackedMetadataProvider.class);
}
 
Example 4
Source Project: blackduck-alert   Source File: SAMLManager.java    License: Apache License 2.0 5 votes vote down vote up
public void setupMetadataManager(String metadataURL, String entityId, String entityBaseUrl) throws MetadataProviderException {
    logger.debug("SAML Setup MetaData Manager");
    logger.debug("SAML - MetadataUrl: {}, EntityID: {}, EntityBaseUrl: {}", metadataURL, entityId, entityBaseUrl);
    metadataGenerator.setEntityId(entityId);
    metadataGenerator.setEntityBaseURL(entityBaseUrl);

    Optional<ExtendedMetadataDelegate> httpProvider = createHttpProvider(metadataURL);
    Optional<ExtendedMetadataDelegate> fileProvider = createFileProvider();
    List<MetadataProvider> providers = List.of(httpProvider, fileProvider).stream()
                                           .flatMap(Optional::stream)
                                           .collect(Collectors.toList());
    metadataManager.setProviders(providers);
    metadataManager.afterPropertiesSet();
}
 
Example 5
Source Project: blackduck-alert   Source File: SAMLManager.java    License: Apache License 2.0 5 votes vote down vote up
public Optional<ExtendedMetadataDelegate> createHttpProvider(String metadataUrl) throws MetadataProviderException {
    if (StringUtils.isBlank(metadataUrl)) {
        return Optional.empty();
    }
    logger.debug("SAML - Create Http Metadata provider.");
    // The URL can not end in a '/' because it messes with the paths for saml
    String correctedMetadataURL = StringUtils.removeEnd(metadataUrl, "/");
    Timer backgroundTaskTimer = new Timer(true);
    HTTPMetadataProvider provider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(), correctedMetadataURL);
    provider.setParserPool(parserPool);
    return Optional.of(createDelegate(provider));
}
 
Example 6
Source Project: blackduck-alert   Source File: SAMLManager.java    License: Apache License 2.0 5 votes vote down vote up
public Optional<ExtendedMetadataDelegate> createFileProvider() throws MetadataProviderException {
    Timer backgroundTaskTimer = new Timer(true);
    if (!filePersistenceUtil.uploadFileExists(AuthenticationDescriptor.SAML_METADATA_FILE)) {
        return Optional.empty();
    }
    logger.debug("SAML - Create File Metadata provider.");
    File metadataFile = filePersistenceUtil.createUploadsFile(AuthenticationDescriptor.SAML_METADATA_FILE);
    FilesystemMetadataProvider provider = new FilesystemMetadataProvider(backgroundTaskTimer, metadataFile);
    provider.setParserPool(parserPool);
    return Optional.of(createDelegate(provider));
}
 
Example 7
@SneakyThrows
private ExtendedMetadataDelegate getExtendedProvider(MetadataProvider provider, ExtendedMetadata extendedMetadata, DelegateProps props, ExtendedMetadataDelegateProperties extendedDelegateConfig) {
    if (provider instanceof ExtendedMetadataDelegate) {
        return (ExtendedMetadataDelegate) provider;
    }
    ExtendedMetadataDelegate delegate = createDefaultExtendedMetadataDelegate(provider, extendedMetadata);

    delegate.setForceMetadataRevocationCheck(Optional.ofNullable(props.forceMetadataRevocationCheck)
            .orElseGet(extendedDelegateConfig::isForceMetadataRevocationCheck));

    delegate.setMetadataRequireSignature(Optional.ofNullable(props.metadataRequireSignature)
            .orElseGet(extendedDelegateConfig::isMetadataRequireSignature));

    delegate.setMetadataTrustCheck(Optional.ofNullable(props.metadataTrustCheck)
            .orElseGet(extendedDelegateConfig::isMetadataTrustCheck));

    delegate.setMetadataTrustedKeys(Optional.ofNullable(props.metadataTrustedKeys)
            .orElseGet(extendedDelegateConfig::getMetadataTrustedKeys));

    delegate.setRequireValidMetadata(Optional.ofNullable(props.requireValidMetadata)
            .orElseGet(extendedDelegateConfig::isRequireValidMetadata));

    delegate.setMetadataFilter(Optional.ofNullable(props.metadataFilter)
            .map(this::postProcess)
            .orElse(null));

    return postProcess(delegate);
}
 
Example 8
@Test
public void configure_defaults() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    ExtendedMetadataDelegate delegate = mock(ExtendedMetadataDelegate.class);
    doReturn(delegate).when(configurer).createDefaultExtendedMetadataDelegate(any(), any());
    configurer.setBuilder(builder);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isEqualTo(delegate);
    verify(metadataManager).setDefaultIDP(eq(metadataManagerProperties.getDefaultIdp()));
    verify(metadataManager).setHostedSPName(eq(metadataManagerProperties.getHostedSpName()));
    verify(metadataManager).setRefreshCheckInterval(eq(metadataManagerProperties.getRefreshCheckInterval()));
    verify(delegate).setForceMetadataRevocationCheck(eq(extendedMetadataDelegateProperties.isForceMetadataRevocationCheck()));
    verify(delegate).setMetadataRequireSignature(eq(extendedMetadataDelegateProperties.isMetadataRequireSignature()));
    verify(delegate).setMetadataTrustCheck(eq(extendedMetadataDelegateProperties.isMetadataTrustCheck()));
    verify(delegate).setMetadataTrustedKeys(eq(extendedMetadataDelegateProperties.getMetadataTrustedKeys()));
    verify(delegate).setRequireValidMetadata(eq(extendedMetadataDelegateProperties.isRequireValidMetadata()));
    verify(delegate).setMetadataFilter((MetadataFilter) isNull());
}
 
Example 9
@Test
public void configure_defaults_withProvider() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    configurer.setBuilder(builder);
    AbstractMetadataProvider provider = mock(AbstractMetadataProvider.class);
    configurer.metadataProvider(provider);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(provider).setParserPool(eq(parserPool));
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer, never()).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer, never()).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isEqualTo(provider);
}
 
Example 10
@Test
public void configure_defaults_withProviderDelegate() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    configurer.setBuilder(builder);
    MetadataProvider provider = mock(ExtendedMetadataDelegate.class);
    configurer.metadataProvider(provider);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer, never()).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer, never()).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties, never()).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties, never()).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties, never()).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties, never()).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties, never()).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isEqualTo(provider);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isNull();
}
 
Example 11
@Test
public void configure_defaults_withProviderLocation() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    configurer.setBuilder(builder);
    configurer.metadataLocations("classpath:idp-provided.xml");
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq("classpath:idp-provided.xml"));
    verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isExactlyInstanceOf(ResourceBackedMetadataProvider.class);
}
 
Example 12
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
		throws MetadataProviderException {
	String idpSSOCircleMetadataURL = "https://idp.ssocircle.com/meta-idp.xml";
	HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(
			this.backgroundTaskTimer, httpClient(), idpSSOCircleMetadataURL);
	httpMetadataProvider.setParserPool(parserPool());
	ExtendedMetadataDelegate extendedMetadataDelegate = 
			new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
	extendedMetadataDelegate.setMetadataTrustCheck(true);
	extendedMetadataDelegate.setMetadataRequireSignature(false);
	backgroundTaskTimer.purge();
	return extendedMetadataDelegate;
}
 
Example 13
Source Project: blackduck-alert   Source File: SAMLManager.java    License: Apache License 2.0 4 votes vote down vote up
private ExtendedMetadataDelegate createDelegate(MetadataProvider provider) {
    ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
    delegate.setMetadataTrustCheck(true);
    delegate.setMetadataRequireSignature(false);
    return delegate;
}
 
Example 14
@VisibleForTesting
protected ExtendedMetadataDelegate createDefaultExtendedMetadataDelegate(MetadataProvider provider, ExtendedMetadata extendedMetadata) {
    return new ExtendedMetadataDelegate(provider, extendedMetadata);
}
 
Example 15
@Test
public void configure_arguments() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    ResourceBackedMetadataProvider provider = mock(ResourceBackedMetadataProvider.class);
    doReturn(provider).when(configurer).createDefaultMetadataProvider("classpath:idp-provided.xml");
    ExtendedMetadataDelegate delegate = mock(ExtendedMetadataDelegate.class);
    doReturn(delegate).when(configurer).createDefaultExtendedMetadataDelegate(eq(provider), any(ExtendedMetadata.class));
    MetadataFilter metadataFilter = mock(MetadataFilter.class);
    configurer.setBuilder(builder);
    configurer
            .metadataLocations("classpath:idp-provided.xml")
            .defaultIDP("default")
            .hostedSPName("spname")
            .refreshCheckInterval(999L)
            .forceMetadataRevocationCheck(true)
            .metadataRequireSignature(true)
            .metadataTrustCheck(true)
            .requireValidMetadata(true)
            .metadataTrustedKeys("one", "two")
            .metadataFilter(metadataFilter);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq("classpath:idp-provided.xml"));
    verify(configurer).createDefaultExtendedMetadataDelegate(eq(provider), any());
    verify(metadataManagerProperties, never()).getDefaultIdp();
    verify(metadataManagerProperties, never()).getHostedSpName();
    verify(metadataManagerProperties, never()).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties, never()).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties, never()).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties, never()).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties, never()).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties, never()).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isEqualTo(delegate);
    verify(metadataManager).setDefaultIDP(eq("default"));
    verify(metadataManager).setHostedSPName(eq("spname"));
    verify(metadataManager).setRefreshCheckInterval(eq(999L));
    verify(delegate).setForceMetadataRevocationCheck(eq(true));
    verify(delegate).setMetadataRequireSignature(eq(true));
    verify(delegate).setMetadataTrustCheck(eq(true));
    verify(delegate).setMetadataTrustedKeys((Set<String>) MockitoHamcrest.argThat(contains("one", "two")));
    verify(delegate).setRequireValidMetadata(eq(true));
    verify(delegate).setMetadataFilter(eq(metadataFilter));
}