Class Saml2WebSsoAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.ApplicationEventPublisherAware
,org.springframework.context.EnvironmentAware
,org.springframework.context.MessageSourceAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
- Since:
- 5.2
-
Field Summary
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionSaml2WebSsoAuthenticationFilter
(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) Creates aSaml2WebSsoAuthenticationFilter
authentication filter that is configured to use theDEFAULT_FILTER_PROCESSES_URI
processing URLSaml2WebSsoAuthenticationFilter
(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, String filterProcessesUrl) Creates aSaml2WebSsoAuthenticationFilter
authentication filterSaml2WebSsoAuthenticationFilter
(AuthenticationConverter authenticationConverter, String filterProcessesUrl) Creates aSaml2WebSsoAuthenticationFilter
given the provided parameters -
Method Summary
Modifier and TypeMethodDescriptionattemptAuthentication
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Performs actual authentication.protected boolean
requiresAuthentication
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Indicates whether this filter should attempt to process a login request for the current invocation.void
setAuthenticationRequestRepository
(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository) Use the givenSaml2AuthenticationRequestRepository
to remove the saved authentication request.Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Field Details
-
DEFAULT_FILTER_PROCESSES_URI
- See Also:
-
-
Constructor Details
-
Saml2WebSsoAuthenticationFilter
public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) Creates aSaml2WebSsoAuthenticationFilter
authentication filter that is configured to use theDEFAULT_FILTER_PROCESSES_URI
processing URL- Parameters:
relyingPartyRegistrationRepository
- - repository of configured SAML 2 entities. Required.
-
Saml2WebSsoAuthenticationFilter
public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, String filterProcessesUrl) Creates aSaml2WebSsoAuthenticationFilter
authentication filter- Parameters:
relyingPartyRegistrationRepository
- - repository of configured SAML 2 entities. Required.filterProcessesUrl
- the processing URL, must contain a {registrationId} variable. Required.
-
Saml2WebSsoAuthenticationFilter
public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter, String filterProcessesUrl) Creates aSaml2WebSsoAuthenticationFilter
given the provided parameters- Parameters:
authenticationConverter
- the strategy for converting anHttpServletRequest
into anAuthentication
filterProcessesUrl
- the processing URL- Since:
- 5.4
-
-
Method Details
-
requiresAuthentication
protected boolean requiresAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from class:AbstractAuthenticationProcessingFilter
Indicates whether this filter should attempt to process a login request for the current invocation.It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in https://host/myapp/index.html;jsessionid=blah) before matching against the
filterProcessesUrl
property.Subclasses may override for special requirements, such as Tapestry integration.
- Overrides:
requiresAuthentication
in classAbstractAuthenticationProcessingFilter
- Returns:
true
if the filter should attempt authentication,false
otherwise.
-
attemptAuthentication
public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException Description copied from class:AbstractAuthenticationProcessingFilter
Performs actual authentication.The implementation should do one of the following:
- Return a populated authentication token for the authenticated user, indicating successful authentication
- Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
- Throw an AuthenticationException if the authentication process fails
- Specified by:
attemptAuthentication
in classAbstractAuthenticationProcessingFilter
- Parameters:
request
- from which to extract parameters and perform the authenticationresponse
- the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).- Returns:
- the authenticated user token, or null if authentication is incomplete.
- Throws:
AuthenticationException
- if authentication fails.
-
setAuthenticationRequestRepository
public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository) Use the givenSaml2AuthenticationRequestRepository
to remove the saved authentication request. If theauthenticationConverter
is of the typeSaml2AuthenticationTokenConverter
, theSaml2AuthenticationRequestRepository
will also be set into theauthenticationConverter
.- Parameters:
authenticationRequestRepository
- theSaml2AuthenticationRequestRepository
to use- Since:
- 5.6
-