SAMLDiscovery (Spring Security SAML 1.0.0.RC2 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

Spring Security SAML

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.saml
Class SAMLDiscovery

java.lang.Object
  org.springframework.web.filter.GenericFilterBean
      org.springframework.security.saml.SAMLDiscovery

All Implemented Interfaces:: Filter, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.web.context.ServletContextAware

public class SAMLDiscovery
extends org.springframework.web.filter.GenericFilterBean
extends org.springframework.web.filter.GenericFilterBean

Filter implements Identity Provider Discovery Service as defined in initializes IDP Discovery Profile as defined in http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf.

Author:: Vladimir Schaefer

Field Summary
`protected SAMLContextProvider`	`contextProvider` Context provider.
`static String`	`ENTITY_ID_PARAM` Unique identifier of the party performing the request.
`static String`	`FILTER_URL` Default name of path suffix which will invoke this filter.
`protected String`	`filterProcessesUrl` Url this filter should get activated on.
`static String`	`IDP_DISCO_PROTOCOL_SINGLE` Default profile of the discovery service.
`protected String`	`idpSelectionPath` In case this property is set to not null value the user will be redirected to this URL for selection of IDP to use for login.
`protected static org.slf4j.Logger`	`logger`
`protected MetadataManager`	`metadata` Metadata manager used to look up entity IDs and discovery URLs.
`static String`	`PASSIVE_PARAM` Request parameter indicating whether discovery service can interact with the user agent.
`static String`	`POLICY_PARAM` Policy to use in order to determine IDP.
`static String`	`RETURN_ID_PARAM` Request parameter specifying which response attribute to use for conveying the determined IDP name.
`static String`	`RETURN_PARAM` Used to store return parameter in the forwarded request object.
`static String`	`RETURN_URL` Used to store return URL in the forwarded request object.
`static String`	`RETURN_URL_PARAM` URL used by the discovery service to send the response.
`protected SAMLEntryPoint`	`samlEntryPoint` Entry point dependency for loading of correct URL.

Constructor Summary
`SAMLDiscovery()`

Method Summary
`void`	`afterPropertiesSet()` Verifies that required entities were autowired or set.
`void`	`doFilter(ServletRequest request, ServletResponse response, FilterChain chain)`
`protected String`	`getDefaultReturnURL(SAMLMessageContext messageContext)` Provides default return URL based on metadata in case none was supplied in the request.
`String`	`getFilterProcessesUrl()`
`String`	`getIdpSelectionPath()` Path used to forward request in order to enable target IDP selection
`protected String`	`getPassiveIDP(HttpServletRequest request)` Returns IDP to be used in passive mode.
`protected boolean`	`isResponseURLValid(String returnURL, SAMLMessageContext messageContext)` Verifies whether return URL supplied in the request is valid.
`protected void`	`processDiscoveryRequest(HttpServletRequest request, HttpServletResponse response)` Method processes IDP Discovery request, validates it for conformity and either sends a passive response with default IDP (when isPassive mode is requested) or forwards browser to the IDP selection.
`protected boolean`	`processFilter(HttpServletRequest request)` The filter will be used in case the URL of the request contains the FILTER_URL.
`protected void`	`sendIDPSelection(HttpServletRequest request, HttpServletResponse response, String responseURL, String returnParam)` Forward the request to a page which renders IDP selection page for the user.
`protected void`	`sendPassiveResponse(HttpServletRequest request, HttpServletResponse response, String responseURL, String returnParam, String entityID)` Creates a URL to be used for returning of the selected IDP and sends a redirect.
`void`	`setContextProvider(SAMLContextProvider contextProvider)` Sets entity responsible for populating local entity context data.
`void`	`setFilterProcessesUrl(String filterProcessesUrl)` Custom filter URL which overrides the default.
`void`	`setIdpSelectionPath(String idpSelectionPath)` Sets path where request dispatcher will send user for IDP selection.
`void`	`setMetadata(MetadataManager metadata)` Metadata manager, cannot be null, must be set.
`void`	`setSamlEntryPoint(SAMLEntryPoint samlEntryPoint)` Dependency for loading of entry point URL

Methods inherited from class org.springframework.web.filter.GenericFilterBean
`addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

logger

protected static final org.slf4j.Logger logger

RETURN_URL

public static final String RETURN_URL

Used to store return URL in the forwarded request object.

See Also:: Constant Field Values

RETURN_PARAM

public static final String RETURN_PARAM

Used to store return parameter in the forwarded request object.

See Also:: Constant Field Values

ENTITY_ID_PARAM

public static final String ENTITY_ID_PARAM

Unique identifier of the party performing the request. Part of IDP Disco specification.

See Also:: Constant Field Values

RETURN_URL_PARAM

public static final String RETURN_URL_PARAM

URL used by the discovery service to send the response. Value is verified against metadata of the requesting entity. URL can contain additional query part, but mustn't include the same attribute as specified in returnIdParam. Part of IDP Disco specification.

See Also:: Constant Field Values

RETURN_ID_PARAM

public static final String RETURN_ID_PARAM

Request parameter specifying which response attribute to use for conveying the determined IDP name. Uses "entityID" when empty. Part of IDP Disco specification.

See Also:: Constant Field Values

POLICY_PARAM

public static final String POLICY_PARAM

Policy to use in order to determine IDP. Only the default IDP_DISCO_PROTOCOL_SINGLE is supported and is also used when policy request attribute is unspecified. Part of IDP Disco specification.

See Also:: Constant Field Values

PASSIVE_PARAM

public static final String PASSIVE_PARAM

Request parameter indicating whether discovery service can interact with the user agent. Allowed values are "true" or "false" Set to "false" when unspecified. Part of IDP Disco specification.

See Also:: Constant Field Values

idpSelectionPath

protected String idpSelectionPath

In case this property is set to not null value the user will be redirected to this URL for selection of IDP to use for login. In case it is null user will be redirected to the default IDP.

metadata

protected MetadataManager metadata

Metadata manager used to look up entity IDs and discovery URLs.

contextProvider

protected SAMLContextProvider contextProvider

Context provider.

samlEntryPoint

protected SAMLEntryPoint samlEntryPoint

Entry point dependency for loading of correct URL.

filterProcessesUrl

protected String filterProcessesUrl

Url this filter should get activated on.

FILTER_URL

public static final String FILTER_URL

Default name of path suffix which will invoke this filter.

See Also:: Constant Field Values

IDP_DISCO_PROTOCOL_SINGLE

public static final String IDP_DISCO_PROTOCOL_SINGLE

Default profile of the discovery service.

See Also:: Constant Field Values

Constructor Detail

SAMLDiscovery

public SAMLDiscovery()

Method Detail

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws IOException,
                     ServletException

Throws:: IOException; ServletException

processFilter

protected boolean processFilter(HttpServletRequest request)

The filter will be used in case the URL of the request contains the FILTER_URL.

Parameters:: request - request used to determine whether to enable this filter
Returns:: true if this filter should be used

processDiscoveryRequest

protected void processDiscoveryRequest(HttpServletRequest request,
                                       HttpServletResponse response)
                                throws IOException,
                                       ServletException

Method processes IDP Discovery request, validates it for conformity and either sends a passive response with default IDP (when isPassive mode is requested) or forwards browser to the IDP selection. By default the page located at idpSelectionPath is included.

Parameters:: request - request; response - response
Throws:: ServletException - error; IOException - io error

sendPassiveResponse

protected void sendPassiveResponse(HttpServletRequest request,
                                   HttpServletResponse response,
                                   String responseURL,
                                   String returnParam,
                                   String entityID)
                            throws IOException,
                                   ServletException

Creates a URL to be used for returning of the selected IDP and sends a redirect.

Parameters:: request - request object; response - response object; responseURL - base for the return URL; returnParam - parameter name to send the IDP entityId in; entityID - entity ID to send or null for fail state
Throws:: IOException - in case redirect sending fails; ServletException - in case redirect sending fails

sendIDPSelection

protected void sendIDPSelection(HttpServletRequest request,
                                HttpServletResponse response,
                                String responseURL,
                                String returnParam)
                         throws IOException,
                                ServletException

Forward the request to a page which renders IDP selection page for the user. The URL for redirect and param for IDP selection are included as request attributes under keys with constant names RETURN_URL and RETURN_PARAM.

Parameters:: request - request object; response - response object; responseURL - base for the return URL; returnParam - parameter name to send the IDP entityId in
Throws:: IOException - in case forwarding to the selection page fails; ServletException - in case forwarding to the selection page fails

getDefaultReturnURL

protected String getDefaultReturnURL(SAMLMessageContext messageContext)

Provides default return URL based on metadata in case none was supplied in the request. URL is automatically generated for local entities which do not contain discovery URL in metadata.

Parameters:: messageContext - context for the local SP
Returns:: URL to return the selected IDP to
Throws:: org.opensaml.common.SAMLRuntimeException - in case entity is remote and doesn't contain URL in metadata

isResponseURLValid

protected boolean isResponseURLValid(String returnURL,
                                     SAMLMessageContext messageContext)

Verifies whether return URL supplied in the request is valid. By default it is verified that the host part of the supplied URL is the same as the host part of the default response location in metadata (IDP Disco, 320)

Parameters:: returnURL - URL from the request; messageContext - message context for current SP
Returns:: true if the request is valid, false otherwise

getPassiveIDP

protected String getPassiveIDP(HttpServletRequest request)

Returns IDP to be used in passive mode. By default the default IDP designated so in metadata is used.

Parameters:: request - IDP discovery request
Returns:: IDP configured as default or null when no such exists

getIdpSelectionPath

public String getIdpSelectionPath()

Path used to forward request in order to enable target IDP selection

Returns:: path for forward

setIdpSelectionPath

public void setIdpSelectionPath(String idpSelectionPath)

Sets path where request dispatcher will send user for IDP selection. In case it is null the default server will always be used.

Parameters:: idpSelectionPath - selection path

setMetadata

@Autowired
public void setMetadata(MetadataManager metadata)

Metadata manager, cannot be null, must be set.

Parameters:: metadata - manager

setSamlEntryPoint

@Autowired(required=false)
public void setSamlEntryPoint(SAMLEntryPoint samlEntryPoint)

Dependency for loading of entry point URL

Parameters:: samlEntryPoint -

setContextProvider

@Autowired
public void setContextProvider(SAMLContextProvider contextProvider)

Sets entity responsible for populating local entity context data.

Parameters:: contextProvider - provider implementation

getFilterProcessesUrl

public String getFilterProcessesUrl()

Returns:: filter URL

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)

Custom filter URL which overrides the default. Filter url determines URL where filter starts processing.

Parameters:: filterProcessesUrl - filter URL

afterPropertiesSet

public void afterPropertiesSet()
                        throws ServletException

Verifies that required entities were autowired or set.

Specified by:: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Overrides:: afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

Throws:: ServletException