Package org.springframework.security.saml2.provider.service.servlet.filter

Class Saml2WebSsoAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class Saml2WebSsoAuthenticationFilter
extends AbstractAuthenticationProcessingFilter

Since:

5.2

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	DEFAULT_FILTER_PROCESSES_URI

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository)	Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the DEFAULT_FILTER_PROCESSES_URI processing URL
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, java.lang.String filterProcessesUrl)	Creates a Saml2WebSsoAuthenticationFilter authentication filter
Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter, java.lang.String filterProcessesUrl)	Creates a Saml2WebSsoAuthenticationFilter given the provided parameters

Method Summary

Modifier and Type	Method	Description
Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Performs actual authentication.
protected boolean	requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Indicates whether this filter should attempt to process a login request for the current invocation.

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_FILTER_PROCESSES_URI

public static final java.lang.String DEFAULT_FILTER_PROCESSES_URI

See Also:

Constant Field Values

Constructor Detail

Saml2WebSsoAuthenticationFilter

public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository)

Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the DEFAULT_FILTER_PROCESSES_URI processing URL

Parameters:

relyingPartyRegistrationRepository - - repository of configured SAML 2 entities. Required.

Saml2WebSsoAuthenticationFilter

public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository,
                                       java.lang.String filterProcessesUrl)

Creates a Saml2WebSsoAuthenticationFilter authentication filter

Parameters:

relyingPartyRegistrationRepository - - repository of configured SAML 2 entities. Required.

filterProcessesUrl - the processing URL, must contain a {registrationId} variable. Required.

Saml2WebSsoAuthenticationFilter

public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter,
                                       java.lang.String filterProcessesUrl)

Creates a Saml2WebSsoAuthenticationFilter given the provided parameters

Parameters:

authenticationConverter - the strategy for converting an HttpServletRequest into an Authentication

filterProcessesUrl - the processing URL

Since:

5.4

Method Detail

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

Description copied from class: AbstractAuthenticationProcessingFilter

Indicates whether this filter should attempt to process a login request for the current invocation.

It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in https://host/myapp/index.html;jsessionid=blah) before matching against the filterProcessesUrl property.

Subclasses may override for special requirements, such as Tapestry integration.

Overrides:

requiresAuthentication in class AbstractAuthenticationProcessingFilter

Returns:

true if the filter should attempt authentication, false otherwise.

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response)
                                     throws AuthenticationException

Description copied from class: AbstractAuthenticationProcessingFilter

Performs actual authentication.

The implementation should do one of the following:

1. Return a populated authentication token for the authenticated user, indicating successful authentication
2. Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
3. Throw an AuthenticationException if the authentication process fails

Specified by:

attemptAuthentication in class AbstractAuthenticationProcessingFilter

Parameters:

request - from which to extract parameters and perform the authentication

response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OpenID).

Returns:

the authenticated user token, or null if authentication is incomplete.

Throws:

AuthenticationException - if authentication fails.