Spring Security SAML

org.springframework.security.saml
Class SAMLLogoutProcessingFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.authentication.logout.LogoutFilter
          extended by org.springframework.security.saml.SAMLLogoutProcessingFilter
All Implemented Interfaces:
Filter, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.web.context.ServletContextAware

public class SAMLLogoutProcessingFilter
extends org.springframework.security.web.authentication.logout.LogoutFilter

Filter processes arriving SAML Single Logout messages by delegating to the LogoutProfile.

Author:
Vladimir Schäfer

Field Summary
protected  SAMLContextProvider contextProvider
           
static String FILTER_URL
          Default processing URL.
protected static org.slf4j.Logger log
          Class logger.
protected  SingleLogoutProfile logoutProfile
           
protected  SAMLProcessor processor
           
protected  SAMLLogger samlLogger
           
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
SAMLLogoutProcessingFilter(org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler, org.springframework.security.web.authentication.logout.LogoutHandler... handlers)
          Constructor uses custom implementation for determining URL to redirect after successful logout.
SAMLLogoutProcessingFilter(String logoutSuccessUrl, org.springframework.security.web.authentication.logout.LogoutHandler... handlers)
          Constructor defines URL to redirect to after successful logout and handlers.
 
Method Summary
 void afterPropertiesSet()
          Verifies that required entities were autowired or set.
 void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
           
 String getFilterProcessesUrl()
           
protected  String getProfileName()
          Name of the profile processed by this class.
 void processLogout(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
          Filter loads SAML message from the request object and processes it.
protected  boolean requiresLogout(HttpServletRequest request, HttpServletResponse response)
          The filter will be used in case the URL of the request contains the DEFAULT_FILTER_URL.
 void setContextProvider(SAMLContextProvider contextProvider)
          Sets entity responsible for populating local entity context data.
 void setLogoutProfile(SingleLogoutProfile logoutProfile)
          Profile for consumption of processed messages, must be set.
 void setSamlLogger(SAMLLogger samlLogger)
          Logger for SAML events, must be set.
 void setSAMLProcessor(SAMLProcessor processor)
          Object capable of parse SAML messages from requests, must be set.
 
Methods inherited from class org.springframework.security.web.authentication.logout.LogoutFilter
setFilterProcessesUrl
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

processor

protected SAMLProcessor processor

logoutProfile

protected SingleLogoutProfile logoutProfile

samlLogger

protected SAMLLogger samlLogger

contextProvider

protected SAMLContextProvider contextProvider

log

protected static final org.slf4j.Logger log
Class logger.


FILTER_URL

public static final String FILTER_URL
Default processing URL.

See Also:
Constant Field Values
Constructor Detail

SAMLLogoutProcessingFilter

public SAMLLogoutProcessingFilter(String logoutSuccessUrl,
                                  org.springframework.security.web.authentication.logout.LogoutHandler... handlers)
Constructor defines URL to redirect to after successful logout and handlers.

Parameters:
logoutSuccessUrl - user will be redirected to the url after successful logout
handlers - handlers to invoke after logout

SAMLLogoutProcessingFilter

public SAMLLogoutProcessingFilter(org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler,
                                  org.springframework.security.web.authentication.logout.LogoutHandler... handlers)
Constructor uses custom implementation for determining URL to redirect after successful logout.

Parameters:
logoutSuccessHandler - custom implementation of the logout logic
handlers - handlers to invoke after logout
Method Detail

doFilter

public void doFilter(ServletRequest req,
                     ServletResponse res,
                     FilterChain chain)
              throws IOException,
                     ServletException
Specified by:
doFilter in interface Filter
Overrides:
doFilter in class org.springframework.security.web.authentication.logout.LogoutFilter
Throws:
IOException
ServletException

processLogout

public void processLogout(HttpServletRequest request,
                          HttpServletResponse response,
                          FilterChain chain)
                   throws IOException,
                          ServletException
Filter loads SAML message from the request object and processes it. In case the message is of LogoutResponse type it is validated and user is redirected to the success page. In case the message is invalid error is logged and user is redirected to the success page anyway.

In case the LogoutRequest message is received it will be verified and local session will be destroyed.

Parameters:
request - http request
response - http response
chain - chain
Throws:
IOException - error
ServletException - error

getProfileName

protected String getProfileName()
Name of the profile processed by this class.

Returns:
profile name

requiresLogout

protected boolean requiresLogout(HttpServletRequest request,
                                 HttpServletResponse response)
The filter will be used in case the URL of the request contains the DEFAULT_FILTER_URL.

Overrides:
requiresLogout in class org.springframework.security.web.authentication.logout.LogoutFilter
Parameters:
request - request used to determine whether to enable this filter
Returns:
true if this filter should be used

getFilterProcessesUrl

public String getFilterProcessesUrl()
Overrides:
getFilterProcessesUrl in class org.springframework.security.web.authentication.logout.LogoutFilter

setSAMLProcessor

@Autowired
public void setSAMLProcessor(SAMLProcessor processor)
Object capable of parse SAML messages from requests, must be set.

Parameters:
processor - processor

setLogoutProfile

@Autowired
public void setLogoutProfile(SingleLogoutProfile logoutProfile)
Profile for consumption of processed messages, must be set.

Parameters:
logoutProfile - profile

setSamlLogger

@Autowired
public void setSamlLogger(SAMLLogger samlLogger)
Logger for SAML events, must be set.

Parameters:
samlLogger - logger

setContextProvider

@Autowired
public void setContextProvider(SAMLContextProvider contextProvider)
Sets entity responsible for populating local entity context data. Must be set.

Parameters:
contextProvider - provider implementation

afterPropertiesSet

public void afterPropertiesSet()
                        throws ServletException
Verifies that required entities were autowired or set.

Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Overrides:
afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
Throws:
ServletException

Spring Security SAML