Class Saml2AuthenticationToken
- java.lang.Object
-
- org.springframework.security.authentication.AbstractAuthenticationToken
-
- org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
- All Implemented Interfaces:
java.io.Serializable
,java.security.Principal
,Authentication
,CredentialsContainer
public class Saml2AuthenticationToken extends AbstractAuthenticationToken
Represents an incoming SAML 2.0 response containing an assertion that has not been validated.isAuthenticated()
will always return false.- Since:
- 5.2
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description Saml2AuthenticationToken(java.lang.String saml2Response, java.lang.String recipientUri, java.lang.String idpEntityId, java.lang.String localSpEntityId, java.util.List<Saml2X509Credential> credentials)
Deprecated.Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, java.lang.String saml2Response)
Creates aSaml2AuthenticationToken
with the provided parameters Note that the givenRelyingPartyRegistration
should have all its templates resolved at this point.Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, java.lang.String saml2Response, AbstractSaml2AuthenticationRequest authenticationRequest)
Creates aSaml2AuthenticationToken
with the provided parameters.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description AbstractSaml2AuthenticationRequest
getAuthenticationRequest()
Returns the authentication request sent to the assertion party ornull
if no authentication request is presentjava.lang.Object
getCredentials()
Returns the decoded and inflated SAML 2.0 Response XML object as a stringjava.lang.String
getIdpEntityId()
Deprecated.UsegetRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()
insteadjava.lang.String
getLocalSpEntityId()
Deprecated.UsegetRelyingPartyRegistration().getEntityId()
insteadjava.lang.Object
getPrincipal()
Always returns null.java.lang.String
getRecipientUri()
Deprecated.UsegetRelyingPartyRegistration().getAssertionConsumerServiceLocation()
insteadRelyingPartyRegistration
getRelyingPartyRegistration()
Get the resolvedRelyingPartyRegistration
associated with the requestjava.lang.String
getSaml2Response()
Returns inflated and decoded XML representation of the SAML 2 Responsejava.util.List<Saml2X509Credential>
getX509Credentials()
Deprecated.Get the credentials throughgetRelyingPartyRegistration()
insteadboolean
isAuthenticated()
Used to indicate toAbstractSecurityInterceptor
whether it should present the authentication token to theAuthenticationManager
.void
setAuthenticated(boolean authenticated)
The state of this object cannot be changed.-
Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken
equals, eraseCredentials, getAuthorities, getDetails, getName, hashCode, setDetails, toString
-
-
-
-
Constructor Detail
-
Saml2AuthenticationToken
public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, java.lang.String saml2Response, AbstractSaml2AuthenticationRequest authenticationRequest)
Creates aSaml2AuthenticationToken
with the provided parameters. Note that the givenRelyingPartyRegistration
should have all its templates resolved at this point. SeeSaml2WebSsoAuthenticationFilter
for an example of performing that resolution.- Parameters:
relyingPartyRegistration
- the resolvedRelyingPartyRegistration
to usesaml2Response
- the SAML 2.0 response to authenticateauthenticationRequest
- theAuthNRequest
sent to the asserting party- Since:
- 5.6
-
Saml2AuthenticationToken
public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, java.lang.String saml2Response)
Creates aSaml2AuthenticationToken
with the provided parameters Note that the givenRelyingPartyRegistration
should have all its templates resolved at this point. SeeSaml2WebSsoAuthenticationFilter
for an example of performing that resolution.- Parameters:
relyingPartyRegistration
- the resolvedRelyingPartyRegistration
to usesaml2Response
- the SAML 2.0 response to authenticate- Since:
- 5.4
-
Saml2AuthenticationToken
@Deprecated public Saml2AuthenticationToken(java.lang.String saml2Response, java.lang.String recipientUri, java.lang.String idpEntityId, java.lang.String localSpEntityId, java.util.List<Saml2X509Credential> credentials)
Deprecated.Creates an authentication token from an incoming SAML 2 Response object- Parameters:
saml2Response
- inflated and decoded XML representation of the SAML 2 ResponserecipientUri
- the URL that the SAML 2 Response was received at. Used for validationidpEntityId
- the entity ID of the asserting entitylocalSpEntityId
- the configured local SP, the relying party, entity IDcredentials
- the credentials configured for signature verification and decryption
-
-
Method Detail
-
getCredentials
public java.lang.Object getCredentials()
Returns the decoded and inflated SAML 2.0 Response XML object as a string- Returns:
- decoded and inflated XML data as a
String
-
getPrincipal
public java.lang.Object getPrincipal()
Always returns null.- Returns:
- null
-
getRelyingPartyRegistration
public RelyingPartyRegistration getRelyingPartyRegistration()
Get the resolvedRelyingPartyRegistration
associated with the request- Returns:
- the resolved
RelyingPartyRegistration
- Since:
- 5.4
-
getSaml2Response
public java.lang.String getSaml2Response()
Returns inflated and decoded XML representation of the SAML 2 Response- Returns:
- inflated and decoded XML representation of the SAML 2 Response
-
getRecipientUri
@Deprecated public java.lang.String getRecipientUri()
Deprecated.UsegetRelyingPartyRegistration().getAssertionConsumerServiceLocation()
insteadReturns the URI that the SAML 2 Response object came in on- Returns:
- URI as a string
-
getLocalSpEntityId
@Deprecated public java.lang.String getLocalSpEntityId()
Deprecated.UsegetRelyingPartyRegistration().getEntityId()
insteadReturns the configured entity ID of the receiving relying party, SP- Returns:
- an entityID for the configured local relying party
-
getX509Credentials
@Deprecated public java.util.List<Saml2X509Credential> getX509Credentials()
Deprecated.Get the credentials throughgetRelyingPartyRegistration()
insteadReturns all the credentials associated with the relying party configuraiton- Returns:
- all associated credentials
-
isAuthenticated
public boolean isAuthenticated()
Description copied from interface:Authentication
Used to indicate toAbstractSecurityInterceptor
whether it should present the authentication token to theAuthenticationManager
. Typically anAuthenticationManager
(or, more often, one of itsAuthenticationProvider
s) will return an immutable authentication token after successful authentication, in which case that token can safely returntrue
to this method. Returningtrue
will improve performance, as calling theAuthenticationManager
for every request will no longer be necessary.For security reasons, implementations of this interface should be very careful about returning
true
from this method unless they are either immutable, or have some way of ensuring the properties have not been changed since original creation.- Specified by:
isAuthenticated
in interfaceAuthentication
- Overrides:
isAuthenticated
in classAbstractAuthenticationToken
- Returns:
- false
-
setAuthenticated
public void setAuthenticated(boolean authenticated)
The state of this object cannot be changed. Will always throw an exception- Specified by:
setAuthenticated
in interfaceAuthentication
- Overrides:
setAuthenticated
in classAbstractAuthenticationToken
- Parameters:
authenticated
- ignored
-
getIdpEntityId
@Deprecated public java.lang.String getIdpEntityId()
Deprecated.UsegetRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()
insteadReturns the configured IDP, asserting party, entity ID- Returns:
- a string representing the entity ID
-
getAuthenticationRequest
public AbstractSaml2AuthenticationRequest getAuthenticationRequest()
Returns the authentication request sent to the assertion party ornull
if no authentication request is present- Returns:
- the authentication request sent to the assertion party
- Since:
- 5.6
-
-