1
1
/*
2
- * Copyright 2002-2022 the original author or authors.
2
+ * Copyright 2002-2025 the original author or authors.
3
3
*
4
4
* Licensed under the Apache License, Version 2.0 (the "License");
5
5
* you may not use this file except in compliance with the License.
47
47
import org .springframework .security .saml2 .core .Saml2Utils ;
48
48
import org .springframework .security .saml2 .core .TestSaml2X509Credentials ;
49
49
import org .springframework .security .saml2 .provider .service .authentication .AbstractSaml2AuthenticationRequest ;
50
- import org .springframework .security .saml2 .provider .service .authentication .Saml2AuthenticatedPrincipal ;
51
50
import org .springframework .security .saml2 .provider .service .authentication .Saml2AuthenticationException ;
52
51
import org .springframework .security .saml2 .provider .service .authentication .Saml2AuthenticationToken ;
53
52
import org .springframework .security .saml2 .provider .service .authentication .Saml2RedirectAuthenticationRequest ;
75
74
import static org .mockito .BDDMockito .given ;
76
75
import static org .mockito .Mockito .atLeastOnce ;
77
76
import static org .mockito .Mockito .mock ;
77
+ import static org .mockito .Mockito .never ;
78
78
import static org .mockito .Mockito .verify ;
79
79
import static org .springframework .test .web .servlet .request .MockMvcRequestBuilders .get ;
80
80
import static org .springframework .test .web .servlet .request .MockMvcRequestBuilders .post ;
@@ -210,12 +210,11 @@ public void authenticateWhenAuthenticationResponseValidThenAuthenticate() throws
210
210
// @formatter:off
211
211
this .mvc .perform (post ("/login/saml2/sso/" + relyingPartyRegistration .getRegistrationId ()).param (Saml2ParameterNames .SAML_RESPONSE , SIGNED_RESPONSE ))
212
212
.andDo (MockMvcResultHandlers .print ())
213
- .andExpect (status ().is2xxSuccessful ());
213
+ .andExpect (status ().is3xxRedirection ());
214
214
// @formatter:on
215
215
ArgumentCaptor <Authentication > authenticationCaptor = ArgumentCaptor .forClass (Authentication .class );
216
- verify (this .authenticationSuccessHandler ).onAuthenticationSuccess (any (), any (), authenticationCaptor .capture ());
217
- Authentication authentication = authenticationCaptor .getValue ();
218
- assertThat (authentication .getPrincipal ()).isInstanceOf (Saml2AuthenticatedPrincipal .class );
216
+ verify (this .authenticationSuccessHandler , never ()).onAuthenticationSuccess (any (), any (),
217
+ authenticationCaptor .capture ());
219
218
}
220
219
221
220
@ Test
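Review bot: The test is still named `authenticateWhenAuthenticationResponseValidThenAuthenticate`, but the new side asserts the opposite with `verify(this.authenticationSuccessHandler, never())`, so the name now contradicts what it checks; rename it to state the rejection being tested (the cause of the rejection is not visible in this hunk, so pick the name from the production change). `authenticationCaptor` is now dead code: an `ArgumentCaptor.capture()` inside a `never()` verification can never capture anything, so drop the captor and verify with plain `any()` matchers. `status().is3xxRedirection()` alone no longer distinguishes success from failure here, since both paths redirect; pin the target the way the later hunk does, `.andExpect(redirectedUrl("/login?error"))`, so the test cannot pass on a successful login redirect. The method's opening lines sit outside the hunk.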
@@ -225,12 +224,11 @@ public void authenticateWhenCustomSecurityContextHolderStrategyThenUses() throws
225
224
// @formatter:off
226
225
this .mvc .perform (post ("/login/saml2/sso/" + relyingPartyRegistration .getRegistrationId ()).param (Saml2ParameterNames .SAML_RESPONSE , SIGNED_RESPONSE ))
227
226
.andDo (MockMvcResultHandlers .print ())
228
- .andExpect (status ().is2xxSuccessful ());
227
+ .andExpect (status ().is3xxRedirection ());
229
228
// @formatter:on
230
229
ArgumentCaptor <Authentication > authenticationCaptor = ArgumentCaptor .forClass (Authentication .class );
231
- verify (this .authenticationSuccessHandler ).onAuthenticationSuccess (any (), any (), authenticationCaptor .capture ());
232
- Authentication authentication = authenticationCaptor .getValue ();
233
- assertThat (authentication .getPrincipal ()).isInstanceOf (Saml2AuthenticatedPrincipal .class );
230
+ verify (this .authenticationSuccessHandler , never ()).onAuthenticationSuccess (any (), any (),
231
+ authenticationCaptor .capture ());
234
232
SecurityContextHolderStrategy strategy = this .spring .getContext ().getBean (SecurityContextHolderStrategy .class );
235
233
verify (strategy , atLeastOnce ()).getContext ();
236
234
}
@@ -242,9 +240,8 @@ public void authenticateWhenAuthenticationResponseValidThenAuthenticationSuccess
242
240
// @formatter:off
243
241
this .mvc .perform (post ("/login/saml2/sso/" + relyingPartyRegistration .getRegistrationId ()).param (Saml2ParameterNames .SAML_RESPONSE , SIGNED_RESPONSE ))
244
242
.andDo (MockMvcResultHandlers .print ())
245
- .andExpect (status ().is2xxSuccessful ());
243
+ .andExpect (status ().is3xxRedirection ());
246
244
// @formatter:on
247
- verify (this .authenticationSuccessListener ).onApplicationEvent (any (AuthenticationSuccessEvent .class ));
248
245
}
249
246
250
247
@ Test
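Review bot: With the `verify(this.authenticationSuccessListener).onApplicationEvent(...)` line removed, this test (named `...ThenAuthenticationSuccess` per the hunk header) no longer asserts anything beyond a 3xx redirect, which the success and failure paths both produce, so it would pass even if the filter silently authenticated the response. Assert the negative explicitly, `verify(this.authenticationSuccessListener, never()).onApplicationEvent(any(AuthenticationSuccessEvent.class));`, and pin the redirect with `.andExpect(redirectedUrl("/login?error"))`; the method name should be updated to match the behavior now asserted. The method's start is outside the hunk.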
@@ -277,8 +274,8 @@ public void authenticateWhenCustomAuthenticationManagerThenUses() throws Excepti
277
274
MockHttpServletRequestBuilder request = post ("/login/saml2/sso/" + relyingPartyRegistration .getRegistrationId ())
278
275
.param ("SAMLResponse" , SIGNED_RESPONSE );
279
276
// @formatter:on
280
- this .mvc .perform (request ).andExpect (status ().is3xxRedirection ()).andExpect (redirectedUrl ("/" ));
281
- verify (authenticationManager ).authenticate (any ());
277
+ this .mvc .perform (request ).andExpect (status ().is3xxRedirection ()).andExpect (redirectedUrl ("/login?error " ));
278
+ verify (authenticationManager , never () ).authenticate (any ());
282
279
}
283
280
284
281
@ Test
@@ -320,8 +317,6 @@ public void authenticateWhenCustomAuthnRequestRepositoryThenUses() throws Except
320
317
SIGNED_RESPONSE );
321
318
this .mvc .perform (request );
322
319
verify (this .authenticationRequestRepository ).loadAuthenticationRequest (any (HttpServletRequest .class ));
323
- verify (this .authenticationRequestRepository ).removeAuthenticationRequest (any (HttpServletRequest .class ),
324
- any (HttpServletResponse .class ));
325
320
}
326
321
327
322
@ Test