spring-projects
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
Lines changed: 6 additions & 20 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java
Lines changed: 6 additions & 20 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
Lines changed: 10 additions & 13 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
Lines changed: 10 additions & 13 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
Lines changed: 4 additions & 6 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.java
Lines changed: 4 additions & 6 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserUtils.java
Lines changed: 4 additions & 6 deletions b/‎config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserUtils.java
Lines changed: 4 additions & 6 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserUtils.java
Lines changed: 8 additions & 12 deletions b/‎config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserUtils.java
Lines changed: 8 additions & 12 deletions
@@ -35,18 +35,15 @@
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
-import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
 import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
 import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
-import org.springframework.security.saml2.provider.service.web.OpenSaml4AuthenticationTokenConverter;
 import org.springframework.security.saml2.provider.service.web.OpenSaml5AuthenticationTokenConverter;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
 import org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter;
-import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml5AuthenticationRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
@@ -381,10 +378,8 @@ private Saml2AuthenticationRequestResolver getAuthenticationRequestResolver(B ht
 			return openSamlAuthenticationRequestResolver;
 		}
 		else {
-			OpenSaml4AuthenticationRequestResolver openSamlAuthenticationRequestResolver = new OpenSaml4AuthenticationRequestResolver(
-					relyingPartyRegistrationRepository(http));
-			openSamlAuthenticationRequestResolver.setRequestMatcher(getAuthenticationRequestMatcher());
-			return openSamlAuthenticationRequestResolver;
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		}
 	}
 
@@ -429,15 +424,8 @@ private AuthenticationConverter getAuthenticationConverter(B http) {
 			converter.setRequestMatcher(getLoginProcessingEndpoint());
 			return converter;
 		}
-		authenticationConverterBean = getBeanOrNull(http, OpenSaml4AuthenticationTokenConverter.class);
-		if (authenticationConverterBean != null) {
-			return authenticationConverterBean;
-		}
-		OpenSaml4AuthenticationTokenConverter converter = new OpenSaml4AuthenticationTokenConverter(
-				this.relyingPartyRegistrationRepository);
-		converter.setAuthenticationRequestRepository(getAuthenticationRequestRepository(http));
-		converter.setRequestMatcher(getLoginProcessingEndpoint());
-		return converter;
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	private void registerDefaultAuthenticationProvider(B http) {
@@ -448,10 +436,8 @@ private void registerDefaultAuthenticationProvider(B http) {
 			}
 		}
 		else {
-			OpenSaml4AuthenticationProvider provider = getBeanOrNull(http, OpenSaml4AuthenticationProvider.class);
-			if (provider == null) {
-				http.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
-			}
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		}
 	}
 
 
@@ -35,18 +35,13 @@
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.authentication.Saml2ResponseAssertionAccessor;
-import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutRequestValidator;
-import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutResponseValidator;
 import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutRequestValidator;
 import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutResponseValidator;
 import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator;
 import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository;
-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver;
-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestValidatorParametersResolver;
-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutResponseResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestValidatorParametersResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutResponseResolver;
@@ -250,10 +245,8 @@ private Saml2LogoutRequestValidatorParametersResolver createSaml2LogoutResponseP
 			parameters.setRequestMatcher(requestMatcher);
 			return parameters;
 		}
-		OpenSaml4LogoutRequestValidatorParametersResolver parameters = new OpenSaml4LogoutRequestValidatorParametersResolver(
-				registrations);
-		parameters.setRequestMatcher(requestMatcher);
-		return parameters;
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	private Saml2LogoutResponseFilter createLogoutResponseProcessingFilter(
@@ -384,7 +377,8 @@ private Saml2LogoutRequestValidator logoutRequestValidator() {
 			if (USE_OPENSAML_5) {
 				return new OpenSaml5LogoutRequestValidator();
 			}
-			return new OpenSaml4LogoutRequestValidator();
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		}
 
 		private Saml2LogoutRequestResolver logoutRequestResolver(RelyingPartyRegistrationRepository registrations) {
@@ -394,7 +388,8 @@ private Saml2LogoutRequestResolver logoutRequestResolver(RelyingPartyRegistratio
 			if (USE_OPENSAML_5) {
 				return new OpenSaml5LogoutRequestResolver(registrations);
 			}
-			return new OpenSaml4LogoutRequestResolver(registrations);
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		}
 
 	}
@@ -454,7 +449,8 @@ private Saml2LogoutResponseValidator logoutResponseValidator() {
 			if (USE_OPENSAML_5) {
 				return new OpenSaml5LogoutResponseValidator();
 			}
-			return new OpenSaml4LogoutResponseValidator();
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		}
 
 		private Saml2LogoutResponseResolver logoutResponseResolver(RelyingPartyRegistrationRepository registrations) {
@@ -464,7 +460,8 @@ private Saml2LogoutResponseResolver logoutResponseResolver(RelyingPartyRegistrat
 			if (USE_OPENSAML_5) {
 				return new OpenSaml5LogoutResponseResolver(registrations);
 			}
-			return new OpenSaml4LogoutResponseResolver(registrations);
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		}
 
 	}
 
@@ -24,7 +24,6 @@
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.saml2.provider.service.metadata.OpenSaml4MetadataResolver;
 import org.springframework.security.saml2.provider.service.metadata.OpenSaml5MetadataResolver;
 import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
@@ -113,10 +112,8 @@ public Saml2MetadataConfigurer<H> metadataUrl(String metadataUrl) {
 				metadata.setRequestMatcher(getRequestMatcherBuilder().matcher(metadataUrl));
 				return metadata;
 			}
-			RequestMatcherMetadataResponseResolver metadata = new RequestMatcherMetadataResponseResolver(registrations,
-					new OpenSaml4MetadataResolver());
-			metadata.setRequestMatcher(getRequestMatcherBuilder().matcher(metadataUrl));
-			return metadata;
+			throw new IllegalArgumentException(
+					"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 		};
 		return this;
 	}
@@ -156,7 +153,8 @@ private Saml2MetadataResponseResolver createMetadataResponseResolver(H http) {
 		if (USE_OPENSAML_5) {
 			return new RequestMatcherMetadataResponseResolver(registrations, new OpenSaml5MetadataResolver());
 		}
-		return new RequestMatcherMetadataResponseResolver(registrations, new OpenSaml4MetadataResolver());
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	private RelyingPartyRegistrationRepository getRelyingPartyRegistrationRepository(H http) {
 
@@ -24,13 +24,11 @@
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.AbstractBeanDefinition;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
-import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
 import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
-import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml5AuthenticationRequestResolver;
 import org.springframework.util.StringUtils;
 
@@ -90,16 +88,16 @@ static BeanMetadataElement createDefaultAuthenticationRequestResolver(
 				.addConstructorArgValue(defaultRelyingPartyRegistrationResolver)
 				.getBeanDefinition();
 		}
-		return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml4AuthenticationRequestResolver.class)
-			.addConstructorArgValue(defaultRelyingPartyRegistrationResolver)
-			.getBeanDefinition();
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	static BeanDefinition createAuthenticationProvider() {
 		if (USE_OPENSAML_5) {
 			return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml5AuthenticationProvider.class).getBeanDefinition();
 		}
-		return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml4AuthenticationProvider.class).getBeanDefinition();
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	static BeanMetadataElement getAuthenticationConverter(Element element) {
 
@@ -22,14 +22,10 @@
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
-import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutRequestValidator;
-import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutResponseValidator;
 import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutRequestValidator;
 import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutResponseValidator;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository;
-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver;
-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutResponseResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutResponseResolver;
 import org.springframework.util.StringUtils;
@@ -76,9 +72,8 @@ static BeanMetadataElement getLogoutResponseResolver(Element element, BeanMetada
 				.addConstructorArgValue(registrations)
 				.getBeanDefinition();
 		}
-		return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml4LogoutResponseResolver.class)
-			.addConstructorArgValue(registrations)
-			.getBeanDefinition();
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	static BeanMetadataElement getLogoutRequestValidator(Element element) {
@@ -89,7 +84,8 @@ static BeanMetadataElement getLogoutRequestValidator(Element element) {
 		if (USE_OPENSAML_5) {
 			return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml5LogoutRequestValidator.class).getBeanDefinition();
 		}
-		return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml4LogoutRequestValidator.class).getBeanDefinition();
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	static BeanMetadataElement getLogoutResponseValidator(Element element) {
@@ -100,7 +96,8 @@ static BeanMetadataElement getLogoutResponseValidator(Element element) {
 		if (USE_OPENSAML_5) {
 			return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml5LogoutResponseValidator.class).getBeanDefinition();
 		}
-		return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml4LogoutResponseValidator.class).getBeanDefinition();
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 	static BeanMetadataElement getLogoutRequestRepository(Element element) {
@@ -121,9 +118,8 @@ static BeanMetadataElement getLogoutRequestResolver(Element element, BeanMetadat
 				.addConstructorArgValue(registrations)
 				.getBeanDefinition();
 		}
-		return BeanDefinitionBuilder.rootBeanDefinition(OpenSaml4LogoutRequestResolver.class)
-			.addConstructorArgValue(registrations)
-			.getBeanDefinition();
+		throw new IllegalArgumentException(
+				"Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");
 	}
 
 }
Original file line number	Diff line number	Diff line change
`@@ -35,18 +35,13 @@`
`35`	`35`	`import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;`
`36`	`36`	`import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;`
`37`	`37`	`import org.springframework.security.saml2.provider.service.authentication.Saml2ResponseAssertionAccessor;`
`38`		`-import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutRequestValidator;`
`39`		`-import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutResponseValidator;`
`40`	`38`	`import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutRequestValidator;`
`41`	`39`	`import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutResponseValidator;`
`42`	`40`	`import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator;`
`43`	`41`	`import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator;`
`44`	`42`	`import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;`
`45`	`43`	`import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;`
`46`	`44`	`import org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository;`
`47`		`-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver;`
`48`		`-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestValidatorParametersResolver;`
`49`		`-import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutResponseResolver;`
`50`	`45`	`import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestResolver;`
`51`	`46`	`import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestValidatorParametersResolver;`
`52`	`47`	`import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutResponseResolver;`
`@@ -250,10 +245,8 @@ private Saml2LogoutRequestValidatorParametersResolver createSaml2LogoutResponseP`
`250`	`245`	`parameters.setRequestMatcher(requestMatcher);`
`251`	`246`	`return parameters;`
`252`	`247`	`}`
`253`		`- OpenSaml4LogoutRequestValidatorParametersResolver parameters = new OpenSaml4LogoutRequestValidatorParametersResolver(`
`254`		`- registrations);`
`255`		`- parameters.setRequestMatcher(requestMatcher);`
`256`		`- return parameters;`
	`248`	`+ throw new IllegalArgumentException(`
	`249`	`+ "Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");`
`257`	`250`	`}`
`258`	`251`
`259`	`252`	`private Saml2LogoutResponseFilter createLogoutResponseProcessingFilter(`
`@@ -384,7 +377,8 @@ private Saml2LogoutRequestValidator logoutRequestValidator() {`
`384`	`377`	`if (USE_OPENSAML_5) {`
`385`	`378`	`return new OpenSaml5LogoutRequestValidator();`
`386`	`379`	`}`
`387`		`- return new OpenSaml4LogoutRequestValidator();`
	`380`	`+ throw new IllegalArgumentException(`
	`381`	`+ "Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");`
`388`	`382`	`}`
`389`	`383`
`390`	`384`	`private Saml2LogoutRequestResolver logoutRequestResolver(RelyingPartyRegistrationRepository registrations) {`
`@@ -394,7 +388,8 @@ private Saml2LogoutRequestResolver logoutRequestResolver(RelyingPartyRegistratio`
`394`	`388`	`if (USE_OPENSAML_5) {`
`395`	`389`	`return new OpenSaml5LogoutRequestResolver(registrations);`
`396`	`390`	`}`
`397`		`- return new OpenSaml4LogoutRequestResolver(registrations);`
	`391`	`+ throw new IllegalArgumentException(`
	`392`	`+ "Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");`
`398`	`393`	`}`
`399`	`394`
`400`	`395`	`}`
`@@ -454,7 +449,8 @@ private Saml2LogoutResponseValidator logoutResponseValidator() {`
`454`	`449`	`if (USE_OPENSAML_5) {`
`455`	`450`	`return new OpenSaml5LogoutResponseValidator();`
`456`	`451`	`}`
`457`		`- return new OpenSaml4LogoutResponseValidator();`
	`452`	`+ throw new IllegalArgumentException(`
	`453`	`+ "Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");`
`458`	`454`	`}`
`459`	`455`
`460`	`456`	`private Saml2LogoutResponseResolver logoutResponseResolver(RelyingPartyRegistrationRepository registrations) {`
`@@ -464,7 +460,8 @@ private Saml2LogoutResponseResolver logoutResponseResolver(RelyingPartyRegistrat`
`464`	`460`	`if (USE_OPENSAML_5) {`
`465`	`461`	`return new OpenSaml5LogoutResponseResolver(registrations);`
`466`	`462`	`}`
`467`		`- return new OpenSaml4LogoutResponseResolver(registrations);`
	`463`	`+ throw new IllegalArgumentException(`
	`464`	`+ "Spring Security does not support OpenSAML " + Version.getVersion() + ". Please use OpenSAML 5");`
`468`	`465`	`}`
`469`	`466`
`470`	`467`	`}`