Class CacheSaml2AuthenticationRequestRepository
java.lang.Object
org.springframework.security.saml2.provider.service.web.CacheSaml2AuthenticationRequestRepository
- All Implemented Interfaces:
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>
public final class CacheSaml2AuthenticationRequestRepository
extends Object
implements Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>
A cache-based
Saml2AuthenticationRequestRepository
. This can be handy when you
are dropping requests due to using SameSite=Strict and the previous session is lost.
On the other hand, this presents a tradeoff where the application can only tell that the given authentication request was created by this application, but cannot guarantee that it was for the user trying to log in. Please see the reference for details.
- Since:
- 6.5
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionloadAuthenticationRequest
(jakarta.servlet.http.HttpServletRequest request) Loads theAbstractSaml2AuthenticationRequest
from the requestremoveAuthenticationRequest
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Removes the authentication request using theHttpServletRequest
andHttpServletResponse
void
saveAuthenticationRequest
(AbstractSaml2AuthenticationRequest authenticationRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Saves the current authentication request using theHttpServletRequest
andHttpServletResponse
void
setCache
(org.springframework.cache.Cache cache) Use thisCache
instance.
-
Constructor Details
-
CacheSaml2AuthenticationRequestRepository
public CacheSaml2AuthenticationRequestRepository()
-
-
Method Details
-
loadAuthenticationRequest
public AbstractSaml2AuthenticationRequest loadAuthenticationRequest(jakarta.servlet.http.HttpServletRequest request) Description copied from interface:Saml2AuthenticationRequestRepository
Loads theAbstractSaml2AuthenticationRequest
from the request- Specified by:
loadAuthenticationRequest
in interfaceSaml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>
- Parameters:
request
- the current request- Returns:
- the
AbstractSaml2AuthenticationRequest
ornull
if it is not present
-
saveAuthenticationRequest
public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:Saml2AuthenticationRequestRepository
Saves the current authentication request using theHttpServletRequest
andHttpServletResponse
- Specified by:
saveAuthenticationRequest
in interfaceSaml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>
- Parameters:
authenticationRequest
- theAbstractSaml2AuthenticationRequest
request
- the current requestresponse
- the current response
-
removeAuthenticationRequest
public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:Saml2AuthenticationRequestRepository
Removes the authentication request using theHttpServletRequest
andHttpServletResponse
- Specified by:
removeAuthenticationRequest
in interfaceSaml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>
- Parameters:
request
- the current requestresponse
- the current response- Returns:
- the removed
AbstractSaml2AuthenticationRequest
ornull
if it is not present
-
setCache
public void setCache(org.springframework.cache.Cache cache) Use thisCache
instance. The default is an in-memory cache, which means it won't work in a clustered environment. Instead, replace it here with a distributed cache.- Parameters:
cache
- theCache
instance to use
-