Remove XSAnyMarshaller AttributeValue Support

In favor of customizing the authentication converter

Closes gh-8864

Author: jzheaux

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java

@@ -34,16 +34,13 @@
 
 import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
 import net.shibboleth.utilities.java.support.xml.ParserPool;
-import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.joda.time.DateTime;
 import org.opensaml.core.config.ConfigurationService;
 import org.opensaml.core.criterion.EntityIdCriterion;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
-import org.opensaml.core.xml.io.Marshaller;
-import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.core.xml.schema.XSAny;
 import org.opensaml.core.xml.schema.XSBoolean;
 import org.opensaml.core.xml.schema.XSBooleanValue;
@@ -520,7 +517,7 @@ private Map<String, List<Object>> getAssertionAttributes(Assertion assertion) {
 
 	private Object getXmlObjectValue(XMLObject xmlObject) {
 		if (xmlObject instanceof XSAny) {
-			return getXSAnyObjectValue((XSAny) xmlObject);
+			return ((XSAny) xmlObject).getTextContent();
 		}
 		if (xmlObject instanceof XSString) {
 			return ((XSString) xmlObject).getValue();
@@ -542,19 +539,6 @@ private Object getXmlObjectValue(XMLObject xmlObject) {
 		return null;
 	}
 
-	private Object getXSAnyObjectValue(XSAny xsAny) {
-		Marshaller marshaller = this.registry.getMarshallerFactory().getMarshaller(xsAny);
-		if (marshaller != null) {
-			try {
-				Element element = marshaller.marshall(xsAny);
-				return SerializeSupport.nodeToString(element);
-			} catch (MarshallingException e) {
-				throw new Saml2Exception(e);
-			}
-		}
-		return xsAny.getTextContent();
-	}
-
 	private static class SignatureTrustEngineConverter implements Converter<Saml2AuthenticationToken, SignatureTrustEngine> {
 
 		@Override

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java

@@ -41,13 +41,11 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.opensaml.core.xml.XMLObject;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.Marshaller;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.saml.common.assertion.ValidationContext;
 import org.opensaml.saml.saml2.core.Assertion;
 import org.opensaml.saml.saml2.core.AttributeStatement;
-import org.opensaml.saml.saml2.core.AttributeValue;
 import org.opensaml.saml.saml2.core.EncryptedAssertion;
 import org.opensaml.saml.saml2.core.EncryptedID;
 import org.opensaml.saml.saml2.core.NameID;
@@ -257,29 +255,6 @@ public void authenticateWhenAssertionContainsAttributesThenItSucceeds() {
 		assertThat(principal.getAttributes()).isEqualTo(expected);
 	}
 
-	@Test
-	public void authenticateWhenAttributeValueMarshallerConfiguredThenUses() throws Exception {
-		Response response = response();
-		Assertion assertion = assertion();
-		List<AttributeStatement> attributes = attributeStatements();
-		assertion.getAttributeStatements().addAll(attributes);
-		signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
-		response.getAssertions().add(assertion);
-		Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
-
-		Element attributeElement = element("<element>value</element>");
-		Marshaller marshaller = mock(Marshaller.class);
-		when(marshaller.marshall(any(XMLObject.class))).thenReturn(attributeElement);
-
-		try {
-			XMLObjectProviderRegistrySupport.getMarshallerFactory().registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller);
-			this.provider.authenticate(token);
-			verify(marshaller, atLeastOnce()).marshall(any(XMLObject.class));
-		} finally {
-			XMLObjectProviderRegistrySupport.getMarshallerFactory().deregisterMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME);
-		}
-	}
-
 	@Test
 	public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception {
 		this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE));
@@ -504,11 +479,4 @@ private Saml2AuthenticationToken token(String payload, Saml2X509Credential... cr
 		return new Saml2AuthenticationToken(payload,
 				DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, Arrays.asList(credentials));
 	}
-
-	private static Element element(String xml) throws Exception {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		DocumentBuilder builder = factory.newDocumentBuilder();
-		Document doc = builder.parse(new InputSource(new StringReader(xml)));
-		return doc.getDocumentElement();
-	}
 }

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java

@@ -312,7 +312,8 @@ static List<AttributeStatement> attributeStatements() {
 
 		Attribute emailAttr = attributeBuilder.buildObject();
 		emailAttr.setName("email");
-		XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
+		XSAny email1 = new XSAnyBuilder()
+				.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME); // gh-8864
 		email1.setTextContent("[email protected]");
 		emailAttr.getAttributeValues().add(email1);
 		XSAny email2 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);