Class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
- java.lang.Object
  - org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
    - org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
      - org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
        - org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer<B>
- All Implemented Interfaces: SecurityConfigurer<DefaultSecurityFilterChain,B>
public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

SAML 2.0 Login provides an application with the capability to have users log in by using their existing account at a SAML 2.0 Identity Provider.

Defaults are provided for all configuration options with the only required configuration being relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository). Alternatively, a RelyingPartyRegistrationRepository @Bean may be registered instead.

Security Filters
The following Filters are populated:
- Saml2WebSsoAuthenticationFilter
- Saml2WebSsoAuthenticationRequestFilter

Shared Objects Created
The following shared objects are populated:
- RelyingPartyRegistrationRepository (required)
- Saml2AuthenticationRequestFactory (optional)

Shared Objects Used
The following shared objects are used:
- RelyingPartyRegistrationRepository (required)
- Saml2AuthenticationRequestFactory (optional)
- DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available
- Since: 5.2
- See Also: HttpSecurity.saml2Login(), Saml2WebSsoAuthenticationFilter, Saml2WebSsoAuthenticationRequestFilter, RelyingPartyRegistrationRepository, AbstractAuthenticationFilterConfigurer
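A configuration that supplies the one required option, relyingPartyRegistrationRepository, as an added example that is not part of the Spring Security Javadoc. It assumes Spring Security 5.4 or later with WebSecurityConfigurerAdapter; the registration id, the IdP URLs and the certificate file name are placeholders.

```java
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

@EnableWebSecurity
public class SamlSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        X509Certificate idpCert;
        // Placeholder classpath location of the IdP's signing certificate.
        try (InputStream in = new ClassPathResource("idp-signing.crt").getInputStream()) {
            idpCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        RelyingPartyRegistration registration = RelyingPartyRegistration
            .withRegistrationId("example-idp") // placeholder registration id
            .assertingPartyDetails(party -> party
                .entityId("https://idp.example.org/metadata")          // placeholder
                .singleSignOnServiceLocation("https://idp.example.org/sso") // placeholder
                // No SP signing credential is configured here, so AuthnRequests go out unsigned.
                .wantAuthnRequestsSigned(false)
                // Pins the certificate used to verify signatures on what the IdP sends.
                .verificationX509Credentials(c -> c.add(Saml2X509Credential.verification(idpCert))))
            .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize.anyRequest().authenticated())
            .saml2Login(saml2 -> saml2
                .relyingPartyRegistrationRepository(relyingPartyRegistrations()));
    }
}
```

Because the repository is also exposed as a @Bean, the explicit relyingPartyRegistrationRepository call could be dropped and the configurer would pick the bean up instead.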
Constructor Summary
- Saml2LoginConfigurer()
Method Summary
- Saml2LoginConfigurer<B> authenticationConverter(AuthenticationConverter authenticationConverter): Use this AuthenticationConverter when converting incoming requests to an Authentication.
- Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager): Allows a configuration of an AuthenticationManager to be used during SAML 2 authentication.
- void configure(B http): Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl): Create the RequestMatcher given a loginProcessingUrl.
- void init(B http): Initialize the SecurityBuilder.
- Saml2LoginConfigurer<B> loginPage(java.lang.String loginPage): Specifies the URL to send users to if login is required.
- Saml2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl): Specifies the URL to validate the credentials.
- Saml2LoginConfigurer relyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository repo): Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
Method Detail
authenticationConverter
public Saml2LoginConfigurer<B> authenticationConverter(AuthenticationConverter authenticationConverter)
Use this AuthenticationConverter when converting incoming requests to an Authentication. By default the Saml2AuthenticationTokenConverter is used.
- Parameters: authenticationConverter - the AuthenticationConverter to use
- Returns: the Saml2LoginConfigurer for further configuration
- Since: 5.4
authenticationManager
public Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager)
Allows a configuration of an AuthenticationManager to be used during SAML 2 authentication. If none is specified, the system will create one and inject it into the Saml2WebSsoAuthenticationFilter.
- Parameters: authenticationManager - the authentication manager to be used
- Returns: the Saml2LoginConfigurer for further configuration
- Throws: java.lang.IllegalArgumentException - if authenticationManager is null configure the default manager
- Since: 5.3
relyingPartyRegistrationRepository
public Saml2LoginConfigurer relyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository repo)
Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
- Parameters: repo - the repository of relying parties
- Returns: the Saml2LoginConfigurer for further configuration
loginPage
public Saml2LoginConfigurer<B> loginPage(java.lang.String loginPage)
Description copied from class: AbstractAuthenticationFilterConfigurer
Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.
If a URL is specified or this is not being used in conjunction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.
- Overrides: loginPage in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
loginProcessingUrl
public Saml2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl)
Description copied from class: AbstractAuthenticationFilterConfigurer
Specifies the URL to validate the credentials.
- Overrides: loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
- Parameters: loginProcessingUrl - the URL to validate username and password
- Returns: the FormLoginConfigurer for additional customization
createLoginProcessingUrlMatcher
protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Description copied from class: AbstractAuthenticationFilterConfigurer
Create the RequestMatcher given a loginProcessingUrl.
- Specified by: createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
- Parameters: loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
- Returns: the RequestMatcher to use based upon the loginProcessingUrl
init
public void init(B http) throws java.lang.Exception
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
Initializes this filter chain for SAML 2 Login. The following actions are taken:
- The WebSSO endpoint has CSRF disabled, typically /login/saml2/sso
- A is configured
- The loginProcessingUrl is set
- A custom login page is configured, or
- A default login page with all SAML 2.0 Identity Providers is configured
- An AuthenticationProvider is configured

- Specified by: init in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
- Overrides: init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
- Throws: java.lang.Exception
configure
public void configure(B http) throws java.lang.Exception
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder. During the configure phase, a Saml2WebSsoAuthenticationRequestFilter is added to handle SAML 2.0 AuthNRequest redirects.
- Specified by: configure in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
- Overrides: configure in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
- Throws: java.lang.Exception