Use Saml2Error Static Factories

jzheaux · jzheaux · commit 32c7e8a6eecd · 2025-06-03T13:12:37.000-06:00
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/BaseOpenSamlAuthenticationProvider.java
@@ -302,7 +302,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 			throw ex;
 		}
 		catch (Exception ex) {
-			throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
+			throw new Saml2AuthenticationException(Saml2Error.internalValidationError(ex.getMessage()), ex);
 		}
 	}
 
@@ -316,7 +316,7 @@ private Response parseResponse(String response) throws Saml2Exception, Saml2Auth
 			return this.saml.deserialize(response);
 		}
 		catch (Exception ex) {
-			throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
+			throw new Saml2AuthenticationException(Saml2Error.malformedResponseData(ex.getMessage()), ex);
 		}
 	}
 
@@ -375,7 +375,7 @@ else if (this.logger.isDebugEnabled()) {
 					.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]");
 			}
 			Saml2Error first = errors.iterator().next();
-			throw createAuthenticationException(first.getErrorCode(), first.getDescription(), null);
+			throw new Saml2AuthenticationException(first);
 		}
 		else {
 			if (this.logger.isDebugEnabled()) {
@@ -408,7 +408,7 @@ private Consumer<ResponseToken> createDefaultResponseElementsDecrypter() {
 				this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(response);
 			}
 			catch (Exception ex) {
-				throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+				throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);
 			}
 		};
 	}
@@ -437,7 +437,7 @@ private Consumer<AssertionToken> createDefaultAssertionElementsDecrypter() {
 				this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(assertion);
 			}
 			catch (Exception ex) {
-				throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);
+				throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);
 			}
 		};
 	}
@@ -503,11 +503,6 @@ private static Object getXmlObjectValue(XMLObject xmlObject) {
 		return xmlObject;
 	}
 
-	private static Saml2AuthenticationException createAuthenticationException(String code, String message,
-			Exception cause) {
-		return new Saml2AuthenticationException(new Saml2Error(code, message), cause);
-	}
-
 	private static Converter<AssertionToken, Saml2ResponseValidatorResult> createAssertionValidator(String errorCode,
 			Converter<AssertionToken, SAML20AssertionValidator> validatorConverter,
 			Converter<AssertionToken, ValidationContext> contextConverter) {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/BaseOpenSamlAuthenticationTokenConverter.java
@@ -22,7 +22,6 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -182,8 +181,7 @@ private String decode(HttpServletRequest request) {
 				.decode();
 		}
 		catch (Exception ex) {
-			throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
-					ex);
+			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java
@@ -20,7 +20,6 @@
 
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -107,12 +106,12 @@ private String decode(HttpServletRequest request) {
 		if (!this.shouldConvertGetRequests && isGet) {
 			return null;
 		}
+		Saml2Utils.DecodingConfigurer decoding = Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet);
 		try {
-			return Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet).decode();
+			return decoding.decode();
 		}
 		catch (Exception ex) {
-			throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
-					ex);
+			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestValidatorParametersResolver.java
@@ -23,7 +23,6 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -145,8 +144,7 @@ private Saml2LogoutRequestValidatorParameters logoutRequestById(HttpServletReque
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		if (registration == null) {
 			throw new Saml2AuthenticationException(
-					new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
-					"registration not found");
+					Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 		}
 		return logoutRequestByRegistration(request, registration, authentication);
 	}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilter.java
@@ -31,7 +31,6 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -268,8 +267,7 @@ public Saml2LogoutRequestValidatorParameters resolve(HttpServletRequest request,
 					registrationId);
 			if (registration == null) {
 				throw new Saml2AuthenticationException(
-						new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
-						"registration not found");
+						Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 			}
 			UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
 			String entityId = uriResolver.resolve(registration.getEntityId());
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/OpenSamlAuthenticationTokenConverter.java
@@ -24,7 +24,6 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -197,8 +196,7 @@ private String decode(HttpServletRequest request) {
 				.decode();
 		}
 		catch (Exception ex) {
-			throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),
-					ex);
+			throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);
 		}
 	}
 
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutRequestValidatorParametersResolver.java
@@ -27,7 +27,6 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2Error;
-import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ParameterNames;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -159,8 +158,7 @@ private Saml2LogoutRequestValidatorParameters logoutRequestById(HttpServletReque
 		RelyingPartyRegistration registration = this.registrations.findByRegistrationId(registrationId);
 		if (registration == null) {
 			throw new Saml2AuthenticationException(
-					new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "registration not found"),
-					"registration not found");
+					Saml2Error.relyingPartyRegistrationNotFound("registration not found"));
 		}
 		return logoutRequestByRegistration(request, registration, authentication);
 	}
diff --git a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
@@ -935,8 +935,8 @@ public void setGrantedAuthoritiesConverter(
 
 		private static String authenticatedPrincipal(Assertion assertion) {
 			if (!BaseOpenSamlAuthenticationProvider.hasName(assertion)) {
-				throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
-						"Assertion [" + assertion.getID() + "] is missing a subject"));
+				throw new Saml2AuthenticationException(
+						Saml2Error.subjectNotFound("Assertion [" + assertion.getID() + "] is missing a subject"));
 			}
 			return assertion.getSubject().getNameID().getValue();
 		}

Original file line number	Diff line number	Diff line change
`@@ -302,7 +302,7 @@ public Authentication authenticate(Authentication authentication) throws Authent`
`302`	`302`	`throw ex;`
`303`	`303`	`}`
`304`	`304`	`catch (Exception ex) {`
`305`		`- throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);`
	`305`	`+ throw new Saml2AuthenticationException(Saml2Error.internalValidationError(ex.getMessage()), ex);`
`306`	`306`	`}`
`307`	`307`	`}`
`308`	`308`
`@@ -316,7 +316,7 @@ private Response parseResponse(String response) throws Saml2Exception, Saml2Auth`
`316`	`316`	`return this.saml.deserialize(response);`
`317`	`317`	`}`
`318`	`318`	`catch (Exception ex) {`
`319`		`- throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);`
	`319`	`+ throw new Saml2AuthenticationException(Saml2Error.malformedResponseData(ex.getMessage()), ex);`
`320`	`320`	`}`
`321`	`321`	`}`
`322`	`322`
`@@ -375,7 +375,7 @@ else if (this.logger.isDebugEnabled()) {`
`375`	`375`	`.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]");`
`376`	`376`	`}`
`377`	`377`	`Saml2Error first = errors.iterator().next();`
`378`		`- throw createAuthenticationException(first.getErrorCode(), first.getDescription(), null);`
	`378`	`+ throw new Saml2AuthenticationException(first);`
`379`	`379`	`}`
`380`	`380`	`else {`
`381`	`381`	`if (this.logger.isDebugEnabled()) {`
`@@ -408,7 +408,7 @@ private Consumer<ResponseToken> createDefaultResponseElementsDecrypter() {`
`408`	`408`	`this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(response);`
`409`	`409`	`}`
`410`	`410`	`catch (Exception ex) {`
`411`		`- throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);`
	`411`	`+ throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);`
`412`	`412`	`}`
`413`	`413`	`};`
`414`	`414`	`}`
`@@ -437,7 +437,7 @@ private Consumer<AssertionToken> createDefaultAssertionElementsDecrypter() {`
`437`	`437`	`this.saml.withDecryptionKeys(registration.getDecryptionX509Credentials()).decrypt(assertion);`
`438`	`438`	`}`
`439`	`439`	`catch (Exception ex) {`
`440`		`- throw createAuthenticationException(Saml2ErrorCodes.DECRYPTION_ERROR, ex.getMessage(), ex);`
	`440`	`+ throw new Saml2AuthenticationException(Saml2Error.decryptionError(ex.getMessage()), ex);`
`441`	`441`	`}`
`442`	`442`	`};`
`443`	`443`	`}`
`@@ -503,11 +503,6 @@ private static Object getXmlObjectValue(XMLObject xmlObject) {`
`503`	`503`	`return xmlObject;`
`504`	`504`	`}`
`505`	`505`
`506`		`- private static Saml2AuthenticationException createAuthenticationException(String code, String message,`
`507`		`- Exception cause) {`
`508`		`- return new Saml2AuthenticationException(new Saml2Error(code, message), cause);`
`509`		`- }`
`510`		`-`
`511`	`506`	`private static Converter<AssertionToken, Saml2ResponseValidatorResult> createAssertionValidator(String errorCode,`
`512`	`507`	`Converter<AssertionToken, SAML20AssertionValidator> validatorConverter,`
`513`	`508`	`Converter<AssertionToken, ValidationContext> contextConverter) {`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@`
`22`	`22`	`import org.springframework.http.HttpMethod;`
`23`	`23`	`import org.springframework.security.saml2.core.OpenSamlInitializationService;`
`24`	`24`	`import org.springframework.security.saml2.core.Saml2Error;`
`25`		`-import org.springframework.security.saml2.core.Saml2ErrorCodes;`
`26`	`25`	`import org.springframework.security.saml2.core.Saml2ParameterNames;`
`27`	`26`	`import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;`
`28`	`27`	`import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;`
`@@ -182,8 +181,7 @@ private String decode(HttpServletRequest request) {`
`182`	`181`	`.decode();`
`183`	`182`	`}`
`184`	`183`	`catch (Exception ex) {`
`185`		`- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),`
`186`		`- ex);`
	`184`	`+ throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);`
`187`	`185`	`}`
`188`	`186`	`}`
`189`	`187`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,6 @@`
`20`	`20`
`21`	`21`	`import org.springframework.http.HttpMethod;`
`22`	`22`	`import org.springframework.security.saml2.core.Saml2Error;`
`23`		`-import org.springframework.security.saml2.core.Saml2ErrorCodes;`
`24`	`23`	`import org.springframework.security.saml2.core.Saml2ParameterNames;`
`25`	`24`	`import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;`
`26`	`25`	`import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;`
`@@ -107,12 +106,12 @@ private String decode(HttpServletRequest request) {`
`107`	`106`	`if (!this.shouldConvertGetRequests && isGet) {`
`108`	`107`	`return null;`
`109`	`108`	`}`
	`109`	`+ Saml2Utils.DecodingConfigurer decoding = Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet);`
`110`	`110`	`try {`
`111`		`- return Saml2Utils.withEncoded(encoded).requireBase64(true).inflate(isGet).decode();`
	`111`	`+ return decoding.decode();`
`112`	`112`	`}`
`113`	`113`	`catch (Exception ex) {`
`114`		`- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),`
`115`		`- ex);`
	`114`	`+ throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);`
`116`	`115`	`}`
`117`	`116`	`}`
`118`	`117`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@`
`24`	`24`	`import org.springframework.http.HttpMethod;`
`25`	`25`	`import org.springframework.security.saml2.core.OpenSamlInitializationService;`
`26`	`26`	`import org.springframework.security.saml2.core.Saml2Error;`
`27`		`-import org.springframework.security.saml2.core.Saml2ErrorCodes;`
`28`	`27`	`import org.springframework.security.saml2.core.Saml2ParameterNames;`
`29`	`28`	`import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;`
`30`	`29`	`import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;`
`@@ -197,8 +196,7 @@ private String decode(HttpServletRequest request) {`
`197`	`196`	`.decode();`
`198`	`197`	`}`
`199`	`198`	`catch (Exception ex) {`
`200`		`- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, ex.getMessage()),`
`201`		`- ex);`
	`199`	`+ throw new Saml2AuthenticationException(Saml2Error.invalidResponse(ex.getMessage()), ex);`
`202`	`200`	`}`
`203`	`201`	`}`
`204`	`202`
Original file line number	Diff line number	Diff line change
`@@ -935,8 +935,8 @@ public void setGrantedAuthoritiesConverter(`
`935`	`935`
`936`	`936`	`private static String authenticatedPrincipal(Assertion assertion) {`
`937`	`937`	`if (!BaseOpenSamlAuthenticationProvider.hasName(assertion)) {`
`938`		`- throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND,`
`939`		`- "Assertion [" + assertion.getID() + "] is missing a subject"));`
	`938`	`+ throw new Saml2AuthenticationException(`
	`939`	`+ Saml2Error.subjectNotFound("Assertion [" + assertion.getID() + "] is missing a subject"));`
`940`	`940`	`}`
`941`	`941`	`return assertion.getSubject().getNameID().getValue();`
`942`	`942`	`}`