SAMLProcessingFilter (Spring Security SAML 1.0.10.RELEASE API)

java.lang.Object
- org.springframework.web.filter.GenericFilterBean
- - org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
  - - org.springframework.security.saml.SAMLProcessingFilter

All Implemented Interfaces:

Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

Direct Known Subclasses:

SAMLWebSSOHoKProcessingFilter
```
public class SAMLProcessingFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
```
Filter processes arriving SAML messages by delegating to the WebSSOProfile. After the SAMLAuthenticationToken is obtained, authentication providers are asked to authenticate it.

Author:

Vladimir Schäfer

Field Summary

Fields
Modifier and Type	Field and Description
`protected SAMLContextProvider`	`contextProvider`
`static String`	`FILTER_URL` URL for Web SSO profile responses or unsolicited requests
`protected static org.slf4j.Logger`	`log`
`protected SAMLProcessor`	`processor`
`protected org.opensaml.common.binding.decoding.URIComparator`	`uriComparator`

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger

Constructor Summary

Constructors
Modifier Constructor and Description

SAMLProcessingFilter()

protected SAMLProcessingFilter(String defaultFilterProcessesUrl)

Constructors
Modifier	Constructor and Description
	`SAMLProcessingFilter()`
`protected`	`SAMLProcessingFilter(String defaultFilterProcessesUrl)`

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`void`	`afterPropertiesSet()` Verifies that required entities were autowired or set.
`org.springframework.security.core.Authentication`	`attemptAuthentication(HttpServletRequest request, HttpServletResponse response)` In case the login attribute is not present it is presumed that the call is made from the remote IDP and contains a SAML assertion which is processed and authenticated.
`String`	`getFilterProcessesUrl()` Gets the URL used to determine if this Filter is invoked
`protected String`	`getProfileName()` Name of the profile this used for authentication.
`protected boolean`	`requiresAuthentication(HttpServletRequest request, HttpServletResponse response)`
`void`	`setContextProvider(SAMLContextProvider contextProvider)` Sets entity responsible for populating local entity context data.
`void`	`setDefaultTargetUrl(String url)` Deprecated.
`void`	`setFilterProcessesUrl(String filterProcessesUrl)` Sets the URL used to determine if this Filter is invoked
`void`	`setSAMLProcessor(SAMLProcessor processor)` Object capable of parse SAML messages from requests, must be set.
`void`	`setUriComparator(org.opensaml.common.binding.decoding.URIComparator uriComparator)` Sets URI comparator used to get local entity endpoint

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - log
```
protected static final org.slf4j.Logger log
```
  - processor
```
protected SAMLProcessor processor
```
  - contextProvider
```
protected SAMLContextProvider contextProvider
```
  - uriComparator
```
protected org.opensaml.common.binding.decoding.URIComparator uriComparator
```
  - FILTER_URL
```
public static final String FILTER_URL
```
    URL for Web SSO profile responses or unsolicited requests
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - SAMLProcessingFilter
```
public SAMLProcessingFilter()
```
  - SAMLProcessingFilter
```
protected SAMLProcessingFilter(String defaultFilterProcessesUrl)
```
- Method Detail
  - attemptAuthentication
```
public org.springframework.security.core.Authentication attemptAuthentication(HttpServletRequest request,
                                                                              HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException
```
    In case the login attribute is not present it is presumed that the call is made from the remote IDP and contains a SAML assertion which is processed and authenticated.
    
    Specified by:
    
    attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    
    Parameters:
    
    request - request
    
    Returns:
    
    authentication object in case SAML data was found and valid
    
    Throws:
    
    org.springframework.security.core.AuthenticationException - authentication failure
  - getProfileName
```
protected String getProfileName()
```
    Name of the profile this used for authentication.
    
    Returns:
    
    profile name
  - requiresAuthentication
```
protected boolean requiresAuthentication(HttpServletRequest request,
                                         HttpServletResponse response)
```
    Overrides:
    
    requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
  - setDefaultTargetUrl
```
@Deprecated
public void setDefaultTargetUrl(String url)
```
    Deprecated.
    
    Use setAuthenticationSuccessHandler method and pass a custom handler instead.
    Creates a new successHandler and sets default URL for redirect after login. In case user requests a specific page which caused the login process initialization the original page will be reused. Any existing handler will be overwritten.
    
    Parameters:
    
    url - url to use as a default success redirect
    
    See Also:
    
    SAMLRelayStateSuccessHandler, SavedRequestAwareAuthenticationSuccessHandler
  - setSAMLProcessor
```
@Autowired
public void setSAMLProcessor(SAMLProcessor processor)
```
    Object capable of parse SAML messages from requests, must be set.
    
    Parameters:
    
    processor - processor
  - setContextProvider
```
@Autowired
public void setContextProvider(SAMLContextProvider contextProvider)
```
    Sets entity responsible for populating local entity context data. Must be set.
    
    Parameters:
    
    contextProvider - provider implementation
  - setUriComparator
```
@Autowired(required=false)
public void setUriComparator(org.opensaml.common.binding.decoding.URIComparator uriComparator)
```
    Sets URI comparator used to get local entity endpoint
    
    Parameters:
    
    uriComparator - URI comparator
    
    See Also:
    
    SAMLUtil.getEndpoint(List, String, InTransport, URIComparator)
  - afterPropertiesSet
```
public void afterPropertiesSet()
```
    Verifies that required entities were autowired or set.
    
    Specified by:
    
    afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    
    Overrides:
    
    afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
  - setFilterProcessesUrl
```
public void setFilterProcessesUrl(String filterProcessesUrl)
```
    Sets the URL used to determine if this Filter is invoked
    
    Overrides:
    
    setFilterProcessesUrl in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    
    Parameters:
    
    filterProcessesUrl - the URL used to determine if this Filter is invoked
  - getFilterProcessesUrl
```
public String getFilterProcessesUrl()
```
    Gets the URL used to determine if this Filter is invoked
    
    Returns:
    
    the URL used to determine if this Fitler is invoked

Class SAMLProcessingFilter

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Field Detail

log

processor

contextProvider

uriComparator

FILTER_URL

Constructor Detail

SAMLProcessingFilter

SAMLProcessingFilter

Method Detail

attemptAuthentication

getProfileName

requiresAuthentication

setDefaultTargetUrl

setSAMLProcessor

setContextProvider

setUriComparator

afterPropertiesSet

setFilterProcessesUrl

getFilterProcessesUrl