Change type shouldInflate

Signed-off-by: Tran Ngoc Nhan <[email protected]>

Author: ngocnhan-tran1996

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java

@@ -18,7 +18,6 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 
-import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.Saml2Error;
 import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
@@ -43,7 +42,7 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo
 
 	private Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository;
 
-	private Boolean shouldInflate;
+	private boolean shouldInflate = true;
 
 	/**
 	 * Constructs a {@link Saml2AuthenticationTokenConverter} given a strategy for
@@ -89,7 +88,7 @@ public void setAuthenticationRequestRepository(
 	}
 
 	/**
-	 * Use the given {@code shouldInflate} to inflate request.
+	 * Use the given {@code shouldInflate} to inflate request. Default is {@code true}.
 	 * @param shouldInflate the {@code shouldInflate} to use
 	 * @since 7.0
 	 */
@@ -98,10 +97,6 @@ public void setShouldInflateResponse(boolean shouldInflate) {
 	}
 
 	private String decode(HttpServletRequest request) {
-		// prevent to break passivity in Saml2LoginBeanDefinitionParserTests
-		if (this.shouldInflate == null) {
-			this.shouldInflate = HttpMethod.GET.matches(request.getMethod());
-		}
 		String encoded = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
 		if (encoded == null) {
 			return null;

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java

@@ -61,7 +61,6 @@ public class Saml2AuthenticationTokenConverterTests {
 	public void convertWhenSamlResponseThenToken() {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		converter.setShouldInflateResponse(false);
 		given(this.relyingPartyRegistrationResolver.resolve(any(HttpServletRequest.class), any()))
 			.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -77,7 +76,6 @@ public void convertWhenSamlResponseThenToken() {
 	public void convertWhenSamlResponseWithRelyingPartyRegistrationResolver(
 			@Mock RelyingPartyRegistrationResolver resolver) {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(resolver);
-		converter.setShouldInflateResponse(false);
 		given(resolver.resolve(any(HttpServletRequest.class), any())).willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter(Saml2ParameterNames.SAML_RESPONSE,
@@ -163,7 +161,6 @@ public void convertWhenGetRequestInvalidDeflatedThenSaml2AuthenticationException
 	public void convertWhenUsingSamlUtilsBase64ThenXmlIsValid() throws Exception {
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		converter.setShouldInflateResponse(false);
 		given(this.relyingPartyRegistrationResolver.resolve(any(HttpServletRequest.class), any()))
 			.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -181,7 +178,6 @@ public void convertWhenSavedAuthenticationRequestThenToken() {
 			.willReturn(this.relyingPartyRegistration.getRegistrationId());
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
 				this.relyingPartyRegistrationResolver);
-		converter.setShouldInflateResponse(false);
 		converter.setAuthenticationRequestRepository(authenticationRequestRepository);
 		given(this.relyingPartyRegistrationResolver.resolve(any(HttpServletRequest.class), any()))
 			.willReturn(this.relyingPartyRegistration);
@@ -207,7 +203,6 @@ public void convertWhenSavedAuthenticationRequestThenTokenWithRelyingPartyRegist
 			.willReturn(this.relyingPartyRegistration.getRegistrationId());
 		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(resolver);
 		converter.setAuthenticationRequestRepository(authenticationRequestRepository);
-		converter.setShouldInflateResponse(false);
 		given(resolver.resolve(any(HttpServletRequest.class), any())).willReturn(this.relyingPartyRegistration);
 		given(authenticationRequestRepository.loadAuthenticationRequest(any(HttpServletRequest.class)))
 			.willReturn(authenticationRequest);
@@ -235,6 +230,22 @@ public void setAuthenticationRequestRepositoryWhenNullThenIllegalArgument() {
 			.isThrownBy(() -> converter.setAuthenticationRequestRepository(null));
 	}
 
+	@Test
+	public void convertWhenGetRequestWithoutInflate() {
+		Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
+			this.relyingPartyRegistrationResolver);
+		converter.setShouldInflateResponse(false);
+		given(this.relyingPartyRegistrationResolver.resolve(any(HttpServletRequest.class), any()))
+			.willReturn(this.relyingPartyRegistration);
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setMethod("GET");
+		request.setParameter(Saml2ParameterNames.SAML_RESPONSE, Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
+		Saml2AuthenticationToken token = converter.convert(request);
+		assertThat(token.getSaml2Response()).isEqualTo("response");
+		assertThat(token.getRelyingPartyRegistration().getRegistrationId())
+			.isEqualTo(this.relyingPartyRegistration.getRegistrationId());
+	}
+
 	private void validateSsoCircleXml(String xml) {
 		assertThat(xml).contains("InResponseTo=\"ARQ9a73ead-7dcf-45a8-89eb-26f3c9900c36\"")
 			.contains(" ID=\"s246d157446618e90e43fb79bdd4d9e9e19cf2c7c4\"")