Spring Security SAML

org.springframework.security.saml
Class SAMLRelayStateSuccessHandler

java.lang.Object
  extended by org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
      extended by org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
          extended by org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
              extended by org.springframework.security.saml.SAMLRelayStateSuccessHandler
All Implemented Interfaces:
org.springframework.security.web.authentication.AuthenticationSuccessHandler

public class SAMLRelayStateSuccessHandler
extends org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

Implementation of a success handler which interprets meaning of the RelayState inside SAMLCredential as an URL to redirect user to.

Author:
Vladimir Schafer

Field Summary
protected static org.slf4j.Logger log
          Class logger.
 
Fields inherited from class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
logger
 
Constructor Summary
SAMLRelayStateSuccessHandler()
           
 
Method Summary
protected  String getTargetURL(String relayState)
          Method is responsible for processing relayState and returning URL the system can redirect to.
 void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, org.springframework.security.core.Authentication authentication)
          Implementation tries to load RelayString from the SAMLCredential authentication object and in case the state is present uses it as the target URL.
 
Methods inherited from class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
setRequestCache
 
Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
clearAuthenticationAttributes
 
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected static final org.slf4j.Logger log
Class logger.

Constructor Detail

SAMLRelayStateSuccessHandler

public SAMLRelayStateSuccessHandler()
Method Detail

onAuthenticationSuccess

public void onAuthenticationSuccess(HttpServletRequest request,
                                    HttpServletResponse response,
                                    org.springframework.security.core.Authentication authentication)
                             throws ServletException,
                                    IOException
Implementation tries to load RelayString from the SAMLCredential authentication object and in case the state is present uses it as the target URL. In case the state is missing behaviour is the same as of the SavedRequestAwareAuthenticationSuccessHandler.

Specified by:
onAuthenticationSuccess in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
Overrides:
onAuthenticationSuccess in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
Throws:
ServletException
IOException

getTargetURL

protected String getTargetURL(String relayState)
Method is responsible for processing relayState and returning URL the system can redirect to. Method can decide to ignore the relayState and redirect user to default location by returning null.

Parameters:
relayState - relay state to process, can be null
Returns:
null to ignore the state, URL to redirect to otherwise

Spring Security SAML