From 58ad3814419c3d6ec0ac9d8c8f5765b95d84d9e0 Mon Sep 17 00:00:00 2001
From: Dayan Kodippily
Date: Tue, 7 Feb 2023 23:10:55 +1300
Subject: [PATCH] Closes gh-12472
---
 .../logout/Saml2LogoutRequest.java | 4 ++--
 ...tpSessionLogoutRequestRepositoryTests.java | 24 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java
index 836de13a3b8..b234935b11e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -60,7 +60,7 @@ public final class Saml2LogoutRequest implements Serializable {
 private final String relyingPartyRegistrationId;
- private Function, String> encoder;
+ private transient Function, String> encoder;
 private Saml2LogoutRequest(String location, Saml2MessageBinding binding, Map parameters, String id, String relyingPartyRegistrationId) {
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/HttpSessionLogoutRequestRepositoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/HttpSessionLogoutRequestRepositoryTests.java
index 832a29ace08..1205bf91569 100644
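Review bot: In the `@@ -60,7 +60,7 @@` hunk of Saml2LogoutRequest.java, `encoder` becomes `transient` but nothing visible restores it, so an instance read back from a serialized HTTP session will have `encoder == null`. If an accessor outside this hunk applies the encoder (for example `getParametersQuery()`), it would throw a NullPointerException after session replication or a restart, and the logout request could not be completed on that node. Consider a private `readObject(ObjectInputStream in)` that calls `in.defaultReadObject();` and then reassigns `this.encoder` to the default the constructor uses, or a null guard at the point of use. The constructor body and the accessors lie outside the hunk, so this needs confirming against the full class.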
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/HttpSessionLogoutRequestRepositoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/HttpSessionLogoutRequestRepositoryTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,6 +16,11 @@
 package org.springframework.security.saml2.provider.service.web.authentication.logout;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.util.HashMap;
 import java.util.Map;
@@ -77,6 +82,23 @@ public void loadLogoutRequestWhenMultipleSavedThenReplacesLogoutRequest() {
 assertThat(this.logoutRequestRepository.loadLogoutRequest(request)).isEqualTo(two);
 }
+ @Test
+ void serializeAndDeserializeSaml2LogoutRequest() throws IOException, ClassNotFoundException {
+ Saml2LogoutRequest requestToSerialize = createLogoutRequest().relayState("state-serialized").build();
+ byte[] data;
+ try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream)) {
+ objectOutputStream.writeObject(requestToSerialize);
+ data = outputStream.toByteArray();
+ }
+
+ try (ByteArrayInputStream inputStream = new ByteArrayInputStream(data);
+ ObjectInputStream objectInputStream = new ObjectInputStream(inputStream)) {
+ Saml2LogoutRequest deserializedRequest = (Saml2LogoutRequest) objectInputStream.readObject();
+ assertThat(requestToSerialize.getRelayState()).isEqualTo(deserializedRequest.getRelayState());
+ }
+ }
+
 @Test
 public void loadLogoutRequestWhenSavedAndStateParameterNullThenReturnNull() {
 MockHttpServletRequest request = new MockHttpServletRequest();
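Review bot: The new test `serializeAndDeserializeSaml2LogoutRequest` asserts only `getRelayState()`, so it proves the object survives a round trip but not that the deserialized copy is still usable. Because the `encoder` field is now `transient`, the round-tripped instance presumably carries a null encoder unless it is restored elsewhere, and this test would not notice. I would also compare the remaining getters and call an encoder-backed accessor on `deserializedRequest`. The assertion has actual and expected swapped; the value under test is the deserialized one: `assertThat(deserializedRequest.getRelayState()).isEqualTo(requestToSerialize.getRelayState());`.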