Support SAML 2 attributes

Example code from spring-projects/spring-security#8661

Author: danilopiazza

src/main/java/io/github/danilopiazza/spring/boot/saml/controller/IndexController.java

@@ -1,16 +1,27 @@
 package io.github.danilopiazza.spring.boot.saml.controller;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.annotation.CurrentSecurityContext;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import io.github.danilopiazza.spring.boot.saml.security.Saml2AttributeService;
+import io.github.danilopiazza.spring.boot.saml.security.Saml2AuthenticatedPrincipalWithAttributes;
+
 @RestController
 public class IndexController {
+    @Autowired
+    Saml2AttributeService saml2Attributes;
 
     @GetMapping(path = "/", produces = MediaType.APPLICATION_JSON_VALUE)
-    public Saml2AuthenticatedPrincipal index(@AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
-        return principal;
+    public Saml2AuthenticatedPrincipalWithAttributes index(
+            @CurrentSecurityContext(expression = "authentication") Saml2Authentication authentication,
+            @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
+        return new Saml2AuthenticatedPrincipalWithAttributes(principal.getName(),
+                saml2Attributes.getAttributes(authentication));
     }
 }

src/main/java/io/github/danilopiazza/spring/boot/saml/security/Saml2AttributeService.java

@@ -0,0 +1,73 @@
+package io.github.danilopiazza.spring.boot.saml.security;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.core.xml.schema.impl.XSAnyImpl;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.BasicParserPool;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@Service
+public class Saml2AttributeService {
+    public Map<String, List<String>> getAttributes(Saml2Authentication authentication) {
+        Element element = getDocumentElement(authentication);
+        Response response = getResponse(element);
+        return response.getAssertions().stream().flatMap(assertion -> assertion.getAttributeStatements().stream())
+                .flatMap(attributeStatement -> attributeStatement.getAttributes().stream())
+                .collect(Collectors.toMap(attribute -> attribute.getName(),
+                        attribute -> getAttributeValues(attribute.getAttributeValues())));
+    }
+
+    private Element getDocumentElement(Saml2Authentication authentication) {
+        try (Reader reader = new StringReader(authentication.getSaml2Response())) {
+            BasicParserPool basicParserPool = new BasicParserPool();
+            basicParserPool.initialize();
+            return basicParserPool.parse(reader).getDocumentElement();
+        } catch (ComponentInitializationException | IOException | XMLParserException e) {
+            throw new IllegalArgumentException(e);
+        }
+    }
+
+    private Response getResponse(Element element) {
+        try {
+            return (Response) XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(element)
+                    .unmarshall(element);
+        } catch (UnmarshallingException e) {
+            throw new IllegalArgumentException(e);
+        }
+    }
+
+    private List<String> getAttributeValues(Collection<XMLObject> collection) {
+        return collection.stream().map(this::getAttributeValue).collect(Collectors.toList());
+    }
+
+    private String getAttributeValue(XMLObject attributeValue) {
+        return attributeValue == null ? null
+                : attributeValue instanceof XSString ? getStringAttributeValue((XSString) attributeValue)
+                        : attributeValue instanceof XSAnyImpl ? getAnyAttributeValue((XSAnyImpl) attributeValue)
+                                : attributeValue.toString();
+    }
+
+    private String getStringAttributeValue(XSString attributeValue) {
+        return attributeValue.getValue();
+    }
+
+    private String getAnyAttributeValue(XSAnyImpl attributeValue) {
+        return attributeValue.getTextContent();
+    }
+}

src/main/java/io/github/danilopiazza/spring/boot/saml/security/Saml2AuthenticatedPrincipalWithAttributes.java

@@ -0,0 +1,29 @@
+package io.github.danilopiazza.spring.boot.saml.security;
+
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
+
+public class Saml2AuthenticatedPrincipalWithAttributes implements Saml2AuthenticatedPrincipal {
+    private final String name;
+    private final Map<String, List<String>> attributes;
+
+    public Saml2AuthenticatedPrincipalWithAttributes(String name, Map<String, List<String>> attributes) {
+        this.name = name;
+        this.attributes = attributes;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public Map<String, List<String>> getAttributes() {
+        return attributes;
+    }
+
+    @Override
+    public String toString() {
+        return "Saml2AuthenticatedPrincipalWithAttributes [attributes=" + attributes + ", name=" + name + "]";
+    }
+}