Package org.springframework.security.saml2.provider.service.web.authentication

Class Saml2WebSsoAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class Saml2WebSsoAuthenticationFilter
extends AbstractAuthenticationProcessingFilter

Since:

5.2

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DEFAULT_FILTER_PROCESSES_URI

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository)	Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the DEFAULT_FILTER_PROCESSES_URI processing URL
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, String filterProcessesUrl)	Creates a Saml2WebSsoAuthenticationFilter authentication filter
Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter, String filterProcessesUrl)	Creates a Saml2WebSsoAuthenticationFilter given the provided parameters

Method Summary

Modifier and Type	Method	Description
Authentication	attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Performs actual authentication.
protected boolean	requiresAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Indicates whether this filter should attempt to process a login request for the current invocation.
void	setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)	Use the given Saml2AuthenticationRequestRepository to remove the saved authentication request.

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_FILTER_PROCESSES_URI

public static final String DEFAULT_FILTER_PROCESSES_URI

See Also:

• Constant Field Values

Constructor Details

Saml2WebSsoAuthenticationFilter

public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository)

Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the DEFAULT_FILTER_PROCESSES_URI processing URL

Parameters:

relyingPartyRegistrationRepository - - repository of configured SAML 2 entities. Required.

Saml2WebSsoAuthenticationFilter

public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository,
 String filterProcessesUrl)

Creates a Saml2WebSsoAuthenticationFilter authentication filter

Parameters:

relyingPartyRegistrationRepository - - repository of configured SAML 2 entities. Required.

filterProcessesUrl - the processing URL, must contain a {registrationId} variable. Required.

Saml2WebSsoAuthenticationFilter

public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter,
 String filterProcessesUrl)

Creates a Saml2WebSsoAuthenticationFilter given the provided parameters

Parameters:

authenticationConverter - the strategy for converting an HttpServletRequest into an Authentication

filterProcessesUrl - the processing URL

Since:

5.4

Method Details

requiresAuthentication

protected boolean requiresAuthentication(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)

Description copied from class: AbstractAuthenticationProcessingFilter

Indicates whether this filter should attempt to process a login request for the current invocation.

It strips any parameters from the "path" section of the request URL (such as the jsessionid parameter in https://host/myapp/index.html;jsessionid=blah) before matching against the filterProcessesUrl property.

Subclasses may override for special requirements, such as Tapestry integration.

Overrides:

requiresAuthentication in class AbstractAuthenticationProcessingFilter

Returns:

true if the filter should attempt authentication, false otherwise.

attemptAuthentication

public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)
                                     throws AuthenticationException

Description copied from class: AbstractAuthenticationProcessingFilter

Performs actual authentication.

The implementation should do one of the following:

1. Return a populated authentication token for the authenticated user, indicating successful authentication
2. Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
3. Throw an AuthenticationException if the authentication process fails

Specified by:

attemptAuthentication in class AbstractAuthenticationProcessingFilter

Parameters:

request - from which to extract parameters and perform the authentication

response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).

Returns:

the authenticated user token, or null if authentication is incomplete.

Throws:

AuthenticationException - if authentication fails.

setAuthenticationRequestRepository

public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)

Use the given Saml2AuthenticationRequestRepository to remove the saved authentication request. If the authenticationConverter is of the type Saml2AuthenticationTokenConverter, the Saml2AuthenticationRequestRepository will also be set into the authenticationConverter.

Parameters:

authenticationRequestRepository - the Saml2AuthenticationRequestRepository to use

Since:

5.6