Spring Security SAML

org.springframework.security.saml
Class SAMLProcessingFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
          extended by org.springframework.security.saml.SAMLProcessingFilter
All Implemented Interfaces:
Filter, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware
Direct Known Subclasses:
SAMLWebSSOHoKProcessingFilter

public class SAMLProcessingFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Filter processes arriving SAML messages by delegating to the WebSSOProfile. After the SAMLAuthenticationToken is obtained, authentication providers are asked to authenticate it.

Author:
Vladimir Schäfer

Field Summary
protected  SAMLContextProvider contextProvider
           
static String FILTER_URL
          URL for Web SSO profile responses or unsolicited requests
protected static org.slf4j.Logger logger
           
protected  SAMLProcessor processor
           
 
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY
 
Constructor Summary
  SAMLProcessingFilter()
           
protected SAMLProcessingFilter(String defaultFilterProcessesUrl)
           
 
Method Summary
 void afterPropertiesSet()
          Verifies that required entities were autowired or set.
 org.springframework.security.core.Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
          In case the login attribute is not present it is presumed that the call is made from the remote IDP and contains a SAML assertion which is processed and authenticated.
protected  String getProfileName()
          Name of the profile used for authentication.
protected  boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response)
           
 void setContextProvider(SAMLContextProvider contextProvider)
          Sets entity responsible for populating local entity context data.
 void setDefaultTargetUrl(String url)
          Deprecated. 
 void setSAMLProcessor(SAMLProcessor processor)
          Object capable of parsing SAML messages from requests; must be set.
 
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final org.slf4j.Logger logger

processor

protected SAMLProcessor processor

contextProvider

protected SAMLContextProvider contextProvider

FILTER_URL

public static final String FILTER_URL
URL for Web SSO profile responses or unsolicited requests

See Also:
Constant Field Values
Constructor Detail

SAMLProcessingFilter

public SAMLProcessingFilter()

SAMLProcessingFilter

protected SAMLProcessingFilter(String defaultFilterProcessesUrl)
Method Detail

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(HttpServletRequest request,
                                                                              HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException
In case the login attribute is not present it is presumed that the call is made from the remote IDP and contains a SAML assertion which is processed and authenticated.

Specified by:
attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Parameters:
request - request
Returns:
authentication object in case SAML data was found and valid
Throws:
org.springframework.security.core.AuthenticationException - authentication failure

getProfileName

protected String getProfileName()
Name of the profile used for authentication.

Returns:
profile name

requiresAuthentication

protected boolean requiresAuthentication(HttpServletRequest request,
                                         HttpServletResponse response)
Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setDefaultTargetUrl

@Deprecated
public void setDefaultTargetUrl(String url)
Deprecated. 

Use setAuthenticationSuccessHandler method and pass a custom handler instead.

Creates a new successHandler and sets the default URL for the redirect after login. If the user requested a specific page that triggered the login process, the original page is reused. Any existing handler is overwritten.

Parameters:
url - url to use as a default success redirect
See Also:
SAMLRelayStateSuccessHandler, SavedRequestAwareAuthenticationSuccessHandler
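
The replacement for the deprecated setter, as an added example that is not part of the project's own documentation or code: the filter is given an explicit SavedRequestAwareAuthenticationSuccessHandler through setAuthenticationSuccessHandler. The class name SamlFilterConfig, the bean names, the URLs "/landing" and "/saml-error", the use of Java-based configuration and the presence of an AuthenticationManager bean in the context are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// Hypothetical configuration class; names and URLs are illustrative.
@Configuration
public class SamlFilterConfig {

    // Success handler that reuses the page which triggered the login and
    // falls back to a fixed, application-local default URL otherwise.
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler samlSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl("/landing"); // assumed local path
        return handler;
    }

    // Failure handler that sends rejected SAML responses to a fixed error page.
    @Bean
    public SimpleUrlAuthenticationFailureHandler samlFailureHandler() {
        SimpleUrlAuthenticationFailureHandler handler =
                new SimpleUrlAuthenticationFailureHandler();
        handler.setDefaultFailureUrl("/saml-error"); // assumed local path
        return handler;
    }

    // The filter itself. setSAMLProcessor and setContextProvider are
    // @Autowired, so the container supplies them; afterPropertiesSet()
    // then verifies that the required entities are present.
    @Bean
    public SAMLProcessingFilter samlWebSSOProcessingFilter(
            AuthenticationManager authenticationManager) {
        SAMLProcessingFilter filter = new SAMLProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        // Replaces the deprecated setDefaultTargetUrl(String).
        filter.setAuthenticationSuccessHandler(samlSuccessHandler());
        filter.setAuthenticationFailureHandler(samlFailureHandler());
        return filter;
    }
}
```

Setting the handler explicitly keeps the post-login redirect policy in one reviewable place instead of relying on a handler created implicitly by the filter.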

setSAMLProcessor

@Autowired
public void setSAMLProcessor(SAMLProcessor processor)
Object capable of parsing SAML messages from requests; must be set.

Parameters:
processor - processor

setContextProvider

@Autowired
public void setContextProvider(SAMLContextProvider contextProvider)
Sets entity responsible for populating local entity context data. Must be set.

Parameters:
contextProvider - provider implementation

afterPropertiesSet

public void afterPropertiesSet()
Verifies that required entities were autowired or set.

Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Overrides:
afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
