Merge pull request 'Expose SAML Metadata on /saml/metadata' (#27) from feature/24153 into develop

LEDfan · LEDfan · commit 595f88d9f04b · 2021-01-11T15:09:37.000Z
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java
@@ -29,6 +29,7 @@
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 import org.springframework.security.saml.SAMLAuthenticationProvider;
 import org.springframework.security.saml.SAMLEntryPoint;
+import org.springframework.security.saml.metadata.MetadataDisplayFilter;
 import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
 import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -47,7 +48,10 @@ public class SAMLAuthenticationBackend implements IAuthenticationBackend {
 	
 	@Autowired(required = false)
 	private MetadataGeneratorFilter metadataGeneratorFilter;
-	
+
+	@Autowired(required = false)
+	private MetadataDisplayFilter metadataDisplayFilter;
+
 	@Autowired(required = false)
 	private SAMLFilterSet samlFilter;
 	
@@ -73,6 +77,7 @@ public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestCon
 			.exceptionHandling().authenticationEntryPoint(samlEntryPoint)
 		.and()
 			.addFilterBefore(metadataGeneratorFilter, ChannelProcessingFilter.class)
+			.addFilterAfter(metadataDisplayFilter, MetadataGeneratorFilter.class)
 			.addFilterAfter(samlFilter, BasicAuthenticationFilter.class);
 	}
 
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java
@@ -56,16 +56,13 @@
 import org.springframework.security.saml.SAMLCredential;
 import org.springframework.security.saml.SAMLEntryPoint;
 import org.springframework.security.saml.SAMLProcessingFilter;
+import org.springframework.security.saml.context.SAMLContextProvider;
 import org.springframework.security.saml.context.SAMLContextProviderImpl;
 import org.springframework.security.saml.key.EmptyKeyManager;
 import org.springframework.security.saml.key.JKSKeyManager;
 import org.springframework.security.saml.key.KeyManager;
 import org.springframework.security.saml.log.SAMLDefaultLogger;
-import org.springframework.security.saml.metadata.CachingMetadataManager;
-import org.springframework.security.saml.metadata.ExtendedMetadata;
-import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
-import org.springframework.security.saml.metadata.MetadataGenerator;
-import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
+import org.springframework.security.saml.metadata.*;
 import org.springframework.security.saml.parser.ParserPoolHolder;
 import org.springframework.security.saml.processor.HTTPPostBinding;
 import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
@@ -185,6 +182,15 @@ public MetadataGeneratorFilter metadataGeneratorFilter() {
 		return new MetadataGeneratorFilter(metadataGenerator());
 	}
 
+	@Bean
+	public MetadataDisplayFilter metadataDisplayFilter() throws MetadataProviderException, ResourceException {
+		MetadataDisplayFilter metadataDisplayFilter = new MetadataDisplayFilter();
+		metadataDisplayFilter.setContextProvider(contextProvider());
+		metadataDisplayFilter.setKeyManager(keyManager());
+		metadataDisplayFilter.setManager(metadata());
+		return metadataDisplayFilter;
+	}
+
 	@Bean
 	public MetadataGenerator metadataGenerator() {
 		String appEntityId = environment.getProperty("proxy.saml.app-entity-id");
