Package org.springframework.security.config.annotation.web.configurers.saml2

Class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<Saml2LogoutConfigurer<H>,H>

org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer<H>

All Implemented Interfaces:

SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<Saml2LogoutConfigurer<H>,H>

Adds SAML 2.0 logout support.

Security Filters

The following Filters are populated

• LogoutFilter
• Saml2LogoutRequestFilter
• Saml2LogoutResponseFilter

The following configuration options are available:

• logoutUrl - The URL to to process SAML 2.0 Logout
• Saml2LogoutConfigurer.LogoutRequestConfigurer.logoutRequestValidator - The AuthenticationManager for authenticating SAML 2.0 Logout Requests
• Saml2LogoutConfigurer.LogoutRequestConfigurer.logoutRequestResolver - The Saml2LogoutRequestResolver for creating SAML 2.0 Logout Requests
• Saml2LogoutConfigurer.LogoutRequestConfigurer.logoutRequestRepository - The Saml2LogoutRequestRepository for storing SAML 2.0 Logout Requests
• Saml2LogoutConfigurer.LogoutResponseConfigurer.logoutResponseValidator - The AuthenticationManager for authenticating SAML 2.0 Logout Responses
• Saml2LogoutConfigurer.LogoutResponseConfigurer.logoutResponseResolver - The Saml2LogoutResponseResolver for creating SAML 2.0 Logout Responses

Shared Objects Created

No shared Objects are created

Shared Objects Used

Uses CsrfTokenRepository to add the CsrfLogoutHandler.

Since:

5.6

See Also:

• Saml2LogoutConfigurer

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
final class	Saml2LogoutConfigurer.LogoutRequestConfigurer	A configurer for SAML 2.0 LogoutRequest components
final class	Saml2LogoutConfigurer.LogoutResponseConfigurer

Constructor Summary

Constructors

Constructor	Description
Saml2LogoutConfigurer(org.springframework.context.ApplicationContext context)	Creates a new instance

Method Summary

Modifier and Type	Method	Description
void	configure(H http)	Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
Saml2LogoutConfigurer<H>.LogoutRequestConfigurer	logoutRequest()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
Saml2LogoutConfigurer<H>	logoutRequest(Customizer<Saml2LogoutConfigurer<H>.LogoutRequestConfigurer> logoutRequestConfigurerCustomizer)	Configures SAML 2.0 Logout Request components
Saml2LogoutConfigurer<H>.LogoutResponseConfigurer	logoutResponse()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
Saml2LogoutConfigurer<H>	logoutResponse(Customizer<Saml2LogoutConfigurer<H>.LogoutResponseConfigurer> logoutResponseConfigurerCustomizer)	Configures SAML 2.0 Logout Response components
Saml2LogoutConfigurer<H>	logoutUrl(String logoutUrl)	The URL by which the relying or asserting party can trigger logout.
Saml2LogoutConfigurer<H>	relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo)	Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getSecurityContextHolderStrategy, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Saml2LogoutConfigurer

public Saml2LogoutConfigurer(org.springframework.context.ApplicationContext context)

Creates a new instance

See Also:

• HttpSecurity.logout()

Method Details

logoutUrl

public Saml2LogoutConfigurer<H> logoutUrl(String logoutUrl)

The URL by which the relying or asserting party can trigger logout.

The Relying Party triggers logout by POSTing to the endpoint. The Asserting Party triggers logout based on what is specified by RelyingPartyRegistration.getSingleLogoutServiceBindings().

Parameters:

logoutUrl - the URL that will invoke logout

Returns:

the LogoutConfigurer for further customizations

See Also:

• LogoutConfigurer.logoutUrl(String)
• HttpSecurity.csrf()

relyingPartyRegistrationRepository

public Saml2LogoutConfigurer<H> relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo)

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

Parameters:

repo - the repository of relying parties

Returns:

the Saml2LogoutConfigurer for further customizations

logoutRequest

@Deprecated(since="6.1",
            forRemoval=true)
public Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutRequest()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Get configurer for SAML 2.0 Logout Request components

Returns:

the Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>.LogoutRequestConfigurer for further customizations

logoutRequest

public Saml2LogoutConfigurer<H> logoutRequest(Customizer<Saml2LogoutConfigurer<H>.LogoutRequestConfigurer> logoutRequestConfigurerCustomizer)

Configures SAML 2.0 Logout Request components

Parameters:

logoutRequestConfigurerCustomizer - the Customizer to provide more options for the Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>.LogoutRequestConfigurer

Returns:

the Saml2LogoutConfigurer for further customizations

logoutResponse

@Deprecated(since="6.1",
            forRemoval=true)
public Saml2LogoutConfigurer<H>.LogoutResponseConfigurer logoutResponse()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Get configurer for SAML 2.0 Logout Response components

Returns:

the Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>.LogoutResponseConfigurer for further customizations

logoutResponse

public Saml2LogoutConfigurer<H> logoutResponse(Customizer<Saml2LogoutConfigurer<H>.LogoutResponseConfigurer> logoutResponseConfigurerCustomizer)

Configures SAML 2.0 Logout Response components

Parameters:

logoutResponseConfigurerCustomizer - the Customizer to provide more options for the Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>.LogoutResponseConfigurer

Returns:

the Saml2LogoutConfigurer for further customizations

configure

public void configure(H http)
               throws Exception

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:

Exception