Update pac4j to 5.2.0

pom.xml

@@ -42,7 +42,7 @@ under the License.
   </scm>
 
   <properties>
-    <revision>3</revision>
+    <revision>4</revision>
     <changelist>999999-SNAPSHOT</changelist>
     <jenkins.version>2.361</jenkins.version>
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
@@ -98,8 +98,7 @@ under the License.
     <dependency>
       <groupId>org.pac4j</groupId>
       <artifactId>pac4j-saml</artifactId>
-      <!-- versions 4.x.x require JDK 11 -->
-      <version>3.9.0</version>
+      <version>5.2.0</version>
       <optional>false</optional>
       <exclusions>
         <exclusion>
@@ -196,6 +195,12 @@ under the License.
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+        <groupId>org.pac4j</groupId>
+        <artifactId>pac4j-jee</artifactId>
+        <version>5.2.0</version>
+        <optional>false</optional>
+    </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>mailer</artifactId>

src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java

@@ -18,14 +18,16 @@
 package org.jenkinsci.plugins.saml;
 
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.logging.Logger;
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.opensaml.core.config.InitializationException;
 import org.opensaml.core.config.InitializationService;
-import org.pac4j.core.context.J2EContext;
+import org.pac4j.core.context.JEEContext;
 import org.pac4j.core.context.WebContext;
+import org.pac4j.core.exception.TechnicalException;
 import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver;
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.config.SAML2Configuration;
@@ -86,7 +88,7 @@ public T get() {
      * @return J2E Context from the current HTTP request and response.
      */
     protected WebContext createWebContext() {
-        return new J2EContext(request, response);
+        return new JEEContext(request, response);
     }
 
     /**
@@ -140,8 +142,7 @@ protected SAML2Client createSAML2Client() {
             // reference) is set, include it in the request to the IdP, and request
             // that the IdP uses exact matching for authentication types
             if (samlPluginConfig.getAuthnContextClassRef() != null) {
-                //noinspection deprecation
-                config.setAuthnContextClassRef(samlPluginConfig.getAuthnContextClassRef());
+                config.setAuthnContextClassRefs(Arrays.asList(samlPluginConfig.getAuthnContextClassRef()));
                 config.setComparisonType("exact");
             }
 
@@ -160,7 +161,7 @@ protected SAML2Client createSAML2Client() {
         if (LOG.isLoggable(FINE)) {
             try {
                 LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata());
-            } catch (IOException e) {
+            } catch (TechnicalException e) {
                 LOG.fine("Is not possible to show the metadata : " + e.getMessage());
             }
         }

src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java

@@ -21,7 +21,8 @@
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.pac4j.core.context.WebContext;
-import org.pac4j.core.exception.HttpAction;
+import org.pac4j.core.context.session.JEESessionStore;
+import org.pac4j.core.exception.http.HttpAction;
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.credentials.SAML2Credentials;
 import org.pac4j.saml.exceptions.SAMLException;
@@ -52,8 +53,8 @@ protected SAML2Profile process() {
         try {
             SAML2Client client = createSAML2Client();
             WebContext context = createWebContext();
-            credentials = client.getCredentials(context);
-            saml2Profile = client.getUserProfile(credentials, context);
+            credentials = (SAML2Credentials) client.getCredentials(context, JEESessionStore.INSTANCE).orElse(null);
+            saml2Profile = (SAML2Profile) client.getUserProfile(credentials, context, JEESessionStore.INSTANCE).orElse(null);
             client.destroy();
         } catch (HttpAction|SAMLException e) {
             //if the SAMLResponse is not valid we send the user again to the IdP

src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java

@@ -19,15 +19,16 @@
 
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
+import org.pac4j.core.context.session.JEESessionStore;
+import org.pac4j.core.exception.http.HttpAction;
+import org.pac4j.core.exception.http.RedirectionAction;
 import org.pac4j.core.context.WebContext;
-import org.pac4j.core.exception.HttpAction;
-import org.pac4j.core.redirect.RedirectAction;
 import org.pac4j.saml.client.SAML2Client;
 
 /**
  * Process the current configuration and request to prepare a Redirection to the IdP.
  */
-public class SamlRedirectActionWrapper extends OpenSAMLWrapper<RedirectAction> {
+public class SamlRedirectActionWrapper extends OpenSAMLWrapper<RedirectionAction> {
 
     public SamlRedirectActionWrapper(SamlPluginConfig samlPluginConfig, StaplerRequest request, StaplerResponse response) {
         this.request = request;
@@ -41,11 +42,11 @@ public SamlRedirectActionWrapper(SamlPluginConfig samlPluginConfig, StaplerReque
      */
     @SuppressWarnings("unused")
     @Override
-    protected RedirectAction process() throws IllegalStateException {
+    protected RedirectionAction process() throws IllegalStateException {
         try {
             SAML2Client client = createSAML2Client();
             WebContext context = createWebContext();
-            RedirectAction redirection = client.getRedirectAction(context);
+            RedirectionAction redirection = client.getRedirectionAction(context, JEESessionStore.INSTANCE).orElse(null);
             client.destroy();
             return redirection;
         } catch (HttpAction e) {

src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java

@@ -22,6 +22,7 @@
 import org.kohsuke.stapler.HttpResponses;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
+import org.pac4j.core.exception.TechnicalException;
 import org.pac4j.saml.client.SAML2Client;
 
 /**
@@ -46,7 +47,7 @@ protected HttpResponse process() throws IllegalStateException {
         try {
             metadata = client.getServiceProviderMetadataResolver().getMetadata();
             client.destroy();
-        } catch (IOException e) {
+        } catch (TechnicalException e) {
            throw new IllegalStateException(e);
         }
         return HttpResponses.text(metadata);

src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java

@@ -45,8 +45,10 @@
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.interceptor.RequirePOST;
-import org.pac4j.core.redirect.RedirectAction;
-import org.pac4j.core.redirect.RedirectAction.RedirectType;
+import org.pac4j.core.exception.http.OkAction;
+import org.pac4j.core.exception.http.RedirectionAction;
+import org.pac4j.core.exception.http.SeeOtherAction;
+import org.springframework.dao.DataAccessException;
 import org.pac4j.saml.profile.SAML2Profile;
 import org.springframework.dao.DataAccessException;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -255,15 +257,15 @@ public HttpResponse doCommenceLogin(final StaplerRequest request, final StaplerR
         String redirectOnFinish = calculateSafeRedirect(from, referer);
         request.getSession().setAttribute(REFERER_ATTRIBUTE, redirectOnFinish);
 
-        RedirectAction action = new SamlRedirectActionWrapper(getSamlPluginConfig(), request, response).get();
-        if (action.getType() == RedirectType.REDIRECT) {
-            LOG.fine("REDIRECT : " + action.getLocation());
-            return HttpResponses.redirectTo(action.getLocation());
-        } else if (action.getType() == RedirectType.SUCCESS) {
-            LOG.fine("SUCCESS : " + action.getContent());
-            return HttpResponses.literalHtml(action.getContent());
+        RedirectionAction action = new SamlRedirectActionWrapper(getSamlPluginConfig(), request, response).get();
+        if (action instanceof SeeOtherAction) {
+            LOG.fine("REDIRECT : " + ((SeeOtherAction)action).getLocation());
+            return HttpResponses.redirectTo(((SeeOtherAction)action).getLocation());
+        } else if (action instanceof OkAction) {
+            LOG.fine("SUCCESS : " + ((OkAction) action).getContent());
+            return HttpResponses.literalHtml(((OkAction) action).getContent());
         } else {
-            throw new IllegalStateException("Received unexpected response type " + action.getType());
+            throw new IllegalStateException("Received unexpected response type " + action.getCode());
         }
     }