Class Saml2AuthenticationToken
java.lang.Object
org.springframework.security.authentication.AbstractAuthenticationToken
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
- All Implemented Interfaces:
Serializable, Principal, Authentication, CredentialsContainer
Represents an incoming SAML 2.0 response containing an assertion that has not been
validated.
isAuthenticated() will always return false.- Since:
- 5.2
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class AbstractAuthenticationToken
AbstractAuthenticationToken.AbstractAuthenticationBuilder<B>Nested classes/interfaces inherited from interface Authentication
Authentication.Builder<B> -
Constructor Summary
ConstructorsConstructorDescriptionSaml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response) Creates aSaml2AuthenticationTokenwith the provided parameters Note that the givenRelyingPartyRegistrationshould have all its templates resolved at this point.Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response, @Nullable AbstractSaml2AuthenticationRequest authenticationRequest) Creates aSaml2AuthenticationTokenwith the provided parameters. -
Method Summary
Modifier and TypeMethodDescription@Nullable AbstractSaml2AuthenticationRequestReturns the authentication request sent to the assertion party ornullif no authentication request is presentReturns the decoded and inflated SAML 2.0 Response XML object as a string@Nullable ObjectAlways returns null.Get the resolvedRelyingPartyRegistrationassociated with the requestReturns inflated and decoded XML representation of the SAML 2 ResponsebooleanUsed to indicate toAbstractSecurityInterceptorwhether it should present the authentication token to theAuthenticationManager.voidsetAuthenticated(boolean authenticated) The state of this object cannot be changed.Methods inherited from class AbstractAuthenticationToken
equals, eraseCredentials, getAuthorities, getDetails, getName, hashCode, setDetails, toStringMethods inherited from interface Authentication
toBuilder
-
Constructor Details
-
Saml2AuthenticationToken
public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response, @Nullable AbstractSaml2AuthenticationRequest authenticationRequest) Creates aSaml2AuthenticationTokenwith the provided parameters. Note that the givenRelyingPartyRegistrationshould have all its templates resolved at this point. SeeSaml2WebSsoAuthenticationFilterfor an example of performing that resolution.- Parameters:
relyingPartyRegistration- the resolvedRelyingPartyRegistrationto usesaml2Response- the SAML 2.0 response to authenticateauthenticationRequest- theAuthNRequestsent to the asserting party- Since:
- 5.6
-
Saml2AuthenticationToken
public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response) Creates aSaml2AuthenticationTokenwith the provided parameters Note that the givenRelyingPartyRegistrationshould have all its templates resolved at this point. SeeSaml2WebSsoAuthenticationFilterfor an example of performing that resolution.- Parameters:
relyingPartyRegistration- the resolvedRelyingPartyRegistrationto usesaml2Response- the SAML 2.0 response to authenticate- Since:
- 5.4
-
-
Method Details
-
getCredentials
-
getPrincipal
-
getRelyingPartyRegistration
Get the resolvedRelyingPartyRegistrationassociated with the request- Returns:
- the resolved
RelyingPartyRegistration - Since:
- 5.4
-
getSaml2Response
Returns inflated and decoded XML representation of the SAML 2 Response- Returns:
- inflated and decoded XML representation of the SAML 2 Response
-
isAuthenticated
public boolean isAuthenticated()Description copied from interface:AuthenticationUsed to indicate toAbstractSecurityInterceptorwhether it should present the authentication token to theAuthenticationManager. Typically anAuthenticationManager(or, more often, one of itsAuthenticationProviders) will return an immutable authentication token after successful authentication, in which case that token can safely returntrueto this method. Returningtruewill improve performance, as calling theAuthenticationManagerfor every request will no longer be necessary.For security reasons, implementations of this interface should be very careful about returning
truefrom this method unless they are either immutable, or have some way of ensuring the properties have not been changed since original creation.- Specified by:
isAuthenticatedin interfaceAuthentication- Overrides:
isAuthenticatedin classAbstractAuthenticationToken- Returns:
- false
-
setAuthenticated
public void setAuthenticated(boolean authenticated) The state of this object cannot be changed. Will always throw an exception- Specified by:
setAuthenticatedin interfaceAuthentication- Overrides:
setAuthenticatedin classAbstractAuthenticationToken- Parameters:
authenticated- ignored
-
getAuthenticationRequest
Returns the authentication request sent to the assertion party ornullif no authentication request is present- Returns:
- the authentication request sent to the assertion party
- Since:
- 5.6
-