Class Saml2WebSsoAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProcessingFilter
Since:
5.2
  • Field Details

  • Constructor Details

    • Saml2WebSsoAuthenticationFilter

      public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository)
      Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the DEFAULT_FILTER_PROCESSES_URI processing URL.
      Parameters:
      relyingPartyRegistrationRepository - repository of configured SAML 2 entities. Required.
    • Saml2WebSsoAuthenticationFilter

      public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, String filterProcessesUrl)
      Creates a Saml2WebSsoAuthenticationFilter authentication filter.
      Parameters:
      relyingPartyRegistrationRepository - repository of configured SAML 2 entities. Required.
      filterProcessesUrl - the processing URL, must contain a {registrationId} variable. Required.
    • Saml2WebSsoAuthenticationFilter

      public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter, String filterProcessesUrl)
      Creates a Saml2WebSsoAuthenticationFilter given the provided parameters
      Parameters:
      authenticationConverter - the strategy for converting an HttpServletRequest into an Authentication
      filterProcessesUrl - the processing URL
      Since:
      5.4
  • Method Details

    • requiresAuthentication

      protected boolean requiresAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Description copied from class: AbstractAuthenticationProcessingFilter
      Indicates whether this filter should attempt to process a login request for the current invocation.

      It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in https://host/myapp/index.html;jsessionid=blah) before matching against the filterProcessesUrl property.

      Subclasses may override for special requirements, such as Tapestry integration.

      Overrides:
      requiresAuthentication in class AbstractAuthenticationProcessingFilter
      Returns:
      true if the filter should attempt authentication, false otherwise.
    • attemptAuthentication

      public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException
      Description copied from class: AbstractAuthenticationProcessingFilter
      Performs actual authentication.

      The implementation should do one of the following:

      1. Return a populated authentication token for the authenticated user, indicating successful authentication
      2. Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
      3. Throw an AuthenticationException if the authentication process fails
      Specified by:
      attemptAuthentication in class AbstractAuthenticationProcessingFilter
      Parameters:
      request - from which to extract parameters and perform the authentication
      response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).
      Returns:
      the authenticated user token, or null if authentication is incomplete.
      Throws:
      AuthenticationException - if authentication fails.
    • setAuthenticationRequestRepository

      public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)
      Use the given Saml2AuthenticationRequestRepository to remove the saved authentication request. If the authenticationConverter is of the type Saml2AuthenticationTokenConverter, the Saml2AuthenticationRequestRepository will also be set into the authenticationConverter.
      Parameters:
      authenticationRequestRepository - the Saml2AuthenticationRequestRepository to use
      Since:
      5.6
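
Example (added here, not part of the Spring Security documentation): wiring the filter through the AuthenticationConverter constructor and sharing one Saml2AuthenticationRequestRepository between the filter and its converter. The class name SamlAcsFilterFactory, the path /saml/acs/{registrationId} and the injected AuthenticationManager are assumptions; the code assumes Spring Security 6.x on the classpath.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;

// Hypothetical helper class, named for this example only.
public final class SamlAcsFilterFactory {

    // Assumed custom processing URL. The {registrationId} variable is kept,
    // as the repository-based constructor requires, so the relying party
    // registration is selected from the request path.
    static final String ACS_URL = "/saml/acs/{registrationId}";

    private SamlAcsFilterFactory() {
    }

    public static Saml2WebSsoAuthenticationFilter create(
            RelyingPartyRegistrationRepository registrations,
            AuthenticationManager authenticationManager) {

        // Strategy that turns the incoming HttpServletRequest into an
        // unauthenticated SAML 2.0 token for the matching registration.
        Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(
                new DefaultRelyingPartyRegistrationResolver(registrations));

        // (AuthenticationConverter, String) constructor, available since 5.4.
        Saml2WebSsoAuthenticationFilter filter =
                new Saml2WebSsoAuthenticationFilter(converter, ACS_URL);

        // One repository instance for the saved AuthnRequest. The filter uses it
        // to remove the saved request; because the converter is a
        // Saml2AuthenticationTokenConverter, the same instance is also set into it.
        Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> requests =
                new HttpSessionSaml2AuthenticationRequestRepository();
        filter.setAuthenticationRequestRepository(requests);

        // Inherited from AbstractAuthenticationProcessingFilter: the manager
        // that validates the token produced by the converter.
        filter.setAuthenticationManager(authenticationManager);
        return filter;
    }
}
```

When the processing URL is changed from the default, the assertion consumer service location of each RelyingPartyRegistration has to point at the same path, or the asserting party will post responses to a URL this filter does not process.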