public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProcessingFilter
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
DEFAULT_FILTER_PROCESSES_URI |
authenticationDetailsSource, eventPublisher, messages
Constructor and Description |
---|
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) |
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository,
java.lang.String filterProcessesUrl) |
Modifier and Type | Method and Description |
---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs actual authentication.
|
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a login request for the
current invocation.
|
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication
public static final java.lang.String DEFAULT_FILTER_PROCESSES_URI
public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository)
public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, java.lang.String filterProcessesUrl)
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
AbstractAuthenticationProcessingFilter
It strips any parameters from the "path" section of the request URL (such as the
jsessionid parameter in https://host/myapp/index.html;jsessionid=blah)
before matching against the filterProcessesUrl
property.
Subclasses may override for special requirements, such as Tapestry integration.
requiresAuthentication
in class AbstractAuthenticationProcessingFilter
true
if the filter should attempt authentication,
false
otherwise.public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws AuthenticationException
AbstractAuthenticationProcessingFilter
The implementation should do one of the following:
attemptAuthentication
in class AbstractAuthenticationProcessingFilter
request
- from which to extract parameters and perform the authenticationresponse
- the response, which may be needed if the implementation has to do a
redirect as part of a multi-stage authentication process (such as OpenID).AuthenticationException
- if authentication fails.