Class Saml2LogoutResponseFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public final class Saml2LogoutResponseFilter
extends org.springframework.web.filter.OncePerRequestFilter
A filter for handling a <saml2:LogoutResponse> sent from the asserting party. A
<saml2:LogoutResponse> is sent in response to a <saml2:LogoutRequest>
already sent by the relying party.
Note that before a <saml2:LogoutRequest> is sent, the user is logged out. Given
that, this implementation should not use any
LogoutSuccessHandler that relies
on the user being logged in.- Since:
- 5.6
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX -
Constructor Summary
ConstructorsConstructorDescriptionSaml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, LogoutSuccessHandler logoutSuccessHandler) Constructs aSaml2LogoutResponseFilterfor accepting SAML 2.0 Logout Responses from the asserting party -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddoFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) voidsetLogoutRequestMatcher(RequestMatcher logoutRequestMatcher) voidsetLogoutRequestRepository(Saml2LogoutRequestRepository logoutRequestRepository) Use thisSaml2LogoutRequestRepositoryfor retrieving the SAML 2.0 Logout Request associated with the request'sRelayStateMethods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
Saml2LogoutResponseFilter
public Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, LogoutSuccessHandler logoutSuccessHandler) Constructs aSaml2LogoutResponseFilterfor accepting SAML 2.0 Logout Responses from the asserting party- Parameters:
relyingPartyRegistrationResolver- the strategy for resolving aRelyingPartyRegistrationlogoutResponseValidator- authenticates the SAML 2.0 Logout ResponselogoutSuccessHandler- the action to perform now that logout has succeeded
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternalin classorg.springframework.web.filter.OncePerRequestFilter- Throws:
jakarta.servlet.ServletExceptionIOException
-
setLogoutRequestMatcher
-
setLogoutRequestRepository
Use thisSaml2LogoutRequestRepositoryfor retrieving the SAML 2.0 Logout Request associated with the request'sRelayState- Parameters:
logoutRequestRepository- theSaml2LogoutRequestRepositoryto use
-