Class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
-
- org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer<B>
-
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,B>
public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
AnAbstractHttpConfigurerfor SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.SAML 2.0 Login provides an application with the capability to have users log in by using their existing account at an SAML 2.0 Identity Provider.
Defaults are provided for all configuration options with the only required configuration being
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository). Alternatively, aRelyingPartyRegistrationRepository@Beanmay be registered instead.Security Filters
The followingFilter's are populated:Saml2WebSsoAuthenticationFilterSaml2WebSsoAuthenticationRequestFilter
Shared Objects Created
The following shared objects are populated:RelyingPartyRegistrationRepository(required)Saml2AuthenticationRequestFactory(optional)
Shared Objects Used
The following shared objects are used:RelyingPartyRegistrationRepository(required)Saml2AuthenticationRequestFactory(optional)DefaultLoginPageGeneratingFilter- ifloginPage(String)is not configured andDefaultLoginPageGeneratingFilteris available, than a default login page will be made available
- Since:
- 5.2
- See Also:
HttpSecurity.saml2Login(),Saml2WebSsoAuthenticationFilter,Saml2WebSsoAuthenticationRequestFilter,RelyingPartyRegistrationRepository,AbstractAuthenticationFilterConfigurer
-
-
Constructor Summary
Constructors Constructor Description Saml2LoginConfigurer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Saml2LoginConfigurer<B>authenticationConverter(AuthenticationConverter authenticationConverter)Use thisAuthenticationConverterwhen converting incoming requests to anAuthentication.Saml2LoginConfigurer<B>authenticationManager(AuthenticationManager authenticationManager)Allows a configuration of aAuthenticationManagerto be used during SAML 2 authentication.voidconfigure(B http)Configure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.protected RequestMatchercreateLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)Create theRequestMatchergiven a loginProcessingUrlvoidinit(B http)Initialize theSecurityBuilder.Saml2LoginConfigurer<B>loginPage(java.lang.String loginPage)Specifies the URL to send users to if login is required.Saml2LoginConfigurer<B>loginProcessingUrl(java.lang.String loginProcessingUrl)Specifies the URL to validate the credentials.Saml2LoginConfigurerrelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository repo)Sets theRelyingPartyRegistrationRepositoryof relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults
-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
-
-
-
Method Detail
-
authenticationConverter
public Saml2LoginConfigurer<B> authenticationConverter(AuthenticationConverter authenticationConverter)
Use thisAuthenticationConverterwhen converting incoming requests to anAuthentication. By default theSaml2AuthenticationTokenConverteris used.- Parameters:
authenticationConverter- theAuthenticationConverterto use- Returns:
- the
Saml2LoginConfigurerfor further configuration - Since:
- 5.4
-
authenticationManager
public Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager)
Allows a configuration of aAuthenticationManagerto be used during SAML 2 authentication. If none is specified, the system will create one inject it into theSaml2WebSsoAuthenticationFilter- Parameters:
authenticationManager- the authentication manager to be used- Returns:
- the
Saml2LoginConfigurerfor further configuration - Throws:
java.lang.IllegalArgumentException- if authenticationManager is null configure the default manager- Since:
- 5.3
-
relyingPartyRegistrationRepository
public Saml2LoginConfigurer relyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository repo)
Sets theRelyingPartyRegistrationRepositoryof relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.- Parameters:
repo- the repository of relying parties- Returns:
- the
Saml2LoginConfigurerfor further configuration
-
loginPage
public Saml2LoginConfigurer<B> loginPage(java.lang.String loginPage)
Description copied from class:AbstractAuthenticationFilterConfigurerSpecifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdaptera default login page will be generated when this attribute is not specified.If a URL is specified or this is not being used in conjunction with
WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.- Overrides:
loginPagein classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
-
loginProcessingUrl
public Saml2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl)
Description copied from class:AbstractAuthenticationFilterConfigurerSpecifies the URL to validate the credentials.- Overrides:
loginProcessingUrlin classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>- Parameters:
loginProcessingUrl- the URL to validate username and password- Returns:
- the
FormLoginConfigurerfor additional customization
-
createLoginProcessingUrlMatcher
protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Description copied from class:AbstractAuthenticationFilterConfigurerCreate theRequestMatchergiven a loginProcessingUrl- Specified by:
createLoginProcessingUrlMatcherin classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>- Parameters:
loginProcessingUrl- creates theRequestMatcherbased upon the loginProcessingUrl- Returns:
- the
RequestMatcherto use based upon the loginProcessingUrl
-
init
public void init(B http) throws java.lang.Exception
Initialize theSecurityBuilder. Here only shared state should be created and modified, but not properties on theSecurityBuilderused for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)method uses the correct shared objects when building. Configurers should be applied here. Initializes this filter chain for SAML 2 Login. The following actions are taken:- The WebSSO endpoint has CSRF disabled, typically
/login/saml2/sso - A
is configured - The
loginProcessingUrlis set - A custom login page is configured, or
- A default login page with all SAML 2.0 Identity Providers is configured
- An
AuthenticationProvideris configured
- Specified by:
initin interfaceSecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>- Overrides:
initin classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>- Throws:
java.lang.Exception
- The WebSSO endpoint has CSRF disabled, typically
-
configure
public void configure(B http) throws java.lang.Exception
Configure theSecurityBuilderby setting the necessary properties on theSecurityBuilder. During theconfigurephase, aSaml2WebSsoAuthenticationRequestFilteris added to handle SAML 2.0 AuthNRequest redirects- Specified by:
configurein interfaceSecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>- Overrides:
configurein classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>- Throws:
java.lang.Exception
-
-