Refactor messageContext initialization for enhanced scope availability in SamlAssertionConsumerFunction #5622
Conversation
| @@ -56,14 +56,14 @@ attach it to your <type://Server>. | |||
| ```java | |||
| // Specify information about your keystore. | |||
| // The keystore contains two key pairs, which are identified as 'signing' and 'encryption'. | |||
| KeyStoreCredentialResolver credentialResolver = | |||
| CredentialResolver credentialResolver = | |||
There was a problem hiding this comment.
I'm guessing this is a mistake since CredentialResolver doesn't exist
| CredentialResolver credentialResolver = | |
| KeyStoreCredentialResolver credentialResolver = |
There was a problem hiding this comment.
Then I think we need to change this one too. :)
There was a problem hiding this comment.
Oops nevermind, I was looking at the wrong part of the code. The fix looks good 👍
| .keyPassword("signing", "N5^X[hvG") | ||
| .keyPassword("encryption", "N5^X[hvG") |
| @@ -116,7 +117,7 @@ public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpRequest req, | |||
|
|
|||
| return ssoHandler.loginSucceeded(ctx, req, messageContext, sessionIndex, relayState); | |||
| } catch (SamlException e) { | |||
| return ssoHandler.loginFailed(ctx, req, null, e); | |||
| return ssoHandler.loginFailed(ctx, req, messageContext, e); | |||
There was a problem hiding this comment.
Could you add this messageContext to the log message?
Could you also add a simple test for this?
There was a problem hiding this comment.
Creating test cases for the use of messageContext is challenging due to the internal use of static methods (HttpRedirectBindingUtil and HttpPostBindingUtil) in the serve() function. While mocking static functions is possible, it is not a best practice and is not utilized by Armeria. To improve the design for easier testing, I propose the creation of SamlBindingProcessorFactory and SamlBindingProcessor interfaces. This structure allows for more flexible and maintainable code. Below is a brief example of how these interfaces could be implemented:
public interface SamlBindingProcessor {
MessageContext<Response> toSamlObject(AggregatedHttpRequest request, String responseType);
}
public interface SamlBindingProcessorFactory {
SamlBindingProcessor create(SamlBindingProtocol bindingProtocol);
}
public class DefaultSamlBindingProcessorFactory implements SamlBindingProcessorFactory {
@Override
public SamlBindingProcessor create(SamlBindingProtocol bindingProtocol) {
switch (bindingProtocol) {
case HTTP_REDIRECT:
return new HttpRedirectBindingProcessor();
case HTTP_POST:
return new HttpPostBindingProcessor();
default:
throw new IllegalArgumentException("Unsupported binding protocol");
}
}
}
public class SamlAssertionConsumerFunction {
private SamlBindingProcessor processor;
public SamlAssertionConsumerFunction(SamlAssertionConsumerConfig cfg, String entityId,
SamlBindingProcessorFactory processorFactory) {
this.processor = processorFactory.create(cfg.endpoint().bindingProtocol());
// Use the processor like this:
// MessageContext<Response> messageContext = processor.toSamlObject(req, SAML_RESPONSE);
}
}These changes necessitate more extensive modifications than what is currently proposed in the PR. Please review and let me know if there are any misunderstandings or further adjustments needed. :)
There was a problem hiding this comment.
Oops, I thought we could just use the existing test.
For example, we could probably capture the messageContext here and use it in the test where the login fails.
https://github.com/minwoox/armeria/blob/main/saml/src/test/java/com/linecorp/armeria/server/saml/SamlServiceProviderTest.java#L274
SamlBindingProcessorFactory and SamlBindingProcessor seems well-designed, but I'm uncertain whether customization is necessary. 🤔
There was a problem hiding this comment.
@yeojin-dev, I've added a test. 😉
8f87ec2
There was a problem hiding this comment.
LGTM once @minwoox's comment (add tests) is addressed. Thanks, @yeojin-dev!
Motivation:
This PR addresses a code enhancement in the SamlAssertionConsumerFunction by initializing the messageContext variable at the beginning of the method. This change is intended to streamline the assignment and handling of messageContext, ensuring that it can be consistently used throughout the method, particularly in exception handling scenarios.
Modifications:
Declared messageContext at the method start to allow its use across the entire method scope, including within try and catch blocks.
Result: