Package org.springframework.security.saml2.provider.service.web.authentication.logout

Class Saml2LogoutResponseFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class Saml2LogoutResponseFilter
extends org.springframework.web.filter.OncePerRequestFilter

A filter for handling a <saml2:LogoutResponse> sent from the asserting party. A <saml2:LogoutResponse> is sent in response to a <saml2:LogoutRequest> already sent by the relying party. Note that before a <saml2:LogoutRequest> is sent, the user is logged out. Given that, this implementation should not use any LogoutSuccessHandler that relies on the user being logged in.

Since:

5.6

See Also:

• Saml2LogoutRequestRepository
• Saml2LogoutResponseValidator

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Constructor Summary

Constructors

Constructor	Description
Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository registrations, Saml2LogoutResponseValidator logoutResponseValidator, LogoutSuccessHandler logoutSuccessHandler)
Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, LogoutSuccessHandler logoutSuccessHandler)	Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Responses from the asserting party

Method Summary

Modifier and Type	Method	Description
protected void	doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain)
void	setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher)
void	setLogoutRequestRepository(Saml2LogoutRequestRepository logoutRequestRepository)	Use this Saml2LogoutRequestRepository for retrieving the SAML 2.0 Logout Request associated with the request's RelayState

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Saml2LogoutResponseFilter

public Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository registrations,
 Saml2LogoutResponseValidator logoutResponseValidator,
 LogoutSuccessHandler logoutSuccessHandler)

Saml2LogoutResponseFilter

public Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver,
 Saml2LogoutResponseValidator logoutResponseValidator,
 LogoutSuccessHandler logoutSuccessHandler)

Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Responses from the asserting party

Parameters:

relyingPartyRegistrationResolver - the strategy for resolving a RelyingPartyRegistration

logoutResponseValidator - authenticates the SAML 2.0 Logout Response

logoutSuccessHandler - the action to perform now that logout has succeeded

Method Details

doFilterInternal

protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 jakarta.servlet.FilterChain chain)
                         throws jakarta.servlet.ServletException,
IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

jakarta.servlet.ServletException

IOException

setLogoutRequestMatcher

public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher)

setLogoutRequestRepository

public void setLogoutRequestRepository(Saml2LogoutRequestRepository logoutRequestRepository)

Use this Saml2LogoutRequestRepository for retrieving the SAML 2.0 Logout Request associated with the request's RelayState

Parameters:

logoutRequestRepository - the Saml2LogoutRequestRepository to use