Package org.springframework.security.saml2.provider.service.authentication

Class Saml2AuthenticationToken

java.lang.Object

org.springframework.security.authentication.AbstractAuthenticationToken

org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

All Implemented Interfaces:

Serializable, Principal, Authentication, CredentialsContainer

public class Saml2AuthenticationToken
extends AbstractAuthenticationToken

Represents an incoming SAML 2.0 response containing an assertion that has not been validated. isAuthenticated() will always return false.

Since:

5.2

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response)	Creates a Saml2AuthenticationToken with the provided parameters Note that the given RelyingPartyRegistration should have all its templates resolved at this point.
Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration, String saml2Response, AbstractSaml2AuthenticationRequest authenticationRequest)	Creates a Saml2AuthenticationToken with the provided parameters.

Method Summary

Modifier and Type	Method	Description
AbstractSaml2AuthenticationRequest	getAuthenticationRequest()	Returns the authentication request sent to the assertion party or null if no authentication request is present
Object	getCredentials()	Returns the decoded and inflated SAML 2.0 Response XML object as a string
Object	getPrincipal()	Always returns null.
RelyingPartyRegistration	getRelyingPartyRegistration()	Get the resolved RelyingPartyRegistration associated with the request
String	getSaml2Response()	Returns inflated and decoded XML representation of the SAML 2 Response
boolean	isAuthenticated()	Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager.
void	setAuthenticated(boolean authenticated)	The state of this object cannot be changed.

Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken

equals, eraseCredentials, getAuthorities, getDetails, getName, hashCode, setDetails, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Details

Saml2AuthenticationToken

public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration,
 String saml2Response,
 AbstractSaml2AuthenticationRequest authenticationRequest)

Creates a Saml2AuthenticationToken with the provided parameters. Note that the given RelyingPartyRegistration should have all its templates resolved at this point. See Saml2WebSsoAuthenticationFilter for an example of performing that resolution.

Parameters:

relyingPartyRegistration - the resolved RelyingPartyRegistration to use

saml2Response - the SAML 2.0 response to authenticate

authenticationRequest - the AuthNRequest sent to the asserting party

Since:

5.6

Saml2AuthenticationToken

public Saml2AuthenticationToken(RelyingPartyRegistration relyingPartyRegistration,
 String saml2Response)

Creates a Saml2AuthenticationToken with the provided parameters Note that the given RelyingPartyRegistration should have all its templates resolved at this point. See Saml2WebSsoAuthenticationFilter for an example of performing that resolution.

Parameters:

relyingPartyRegistration - the resolved RelyingPartyRegistration to use

saml2Response - the SAML 2.0 response to authenticate

Since:

5.4

Method Details

getCredentials

public Object getCredentials()

Returns the decoded and inflated SAML 2.0 Response XML object as a string

Returns:

decoded and inflated XML data as a String

getPrincipal

public Object getPrincipal()

Always returns null.

Returns:

null

getRelyingPartyRegistration

public RelyingPartyRegistration getRelyingPartyRegistration()

Get the resolved RelyingPartyRegistration associated with the request

Returns:

the resolved RelyingPartyRegistration

Since:

5.4

getSaml2Response

public String getSaml2Response()

Returns inflated and decoded XML representation of the SAML 2 Response

Returns:

inflated and decoded XML representation of the SAML 2 Response

isAuthenticated

public boolean isAuthenticated()

Description copied from interface: Authentication

Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager. Typically an AuthenticationManager (or, more often, one of its AuthenticationProviders) will return an immutable authentication token after successful authentication, in which case that token can safely return true to this method. Returning true will improve performance, as calling the AuthenticationManager for every request will no longer be necessary.

For security reasons, implementations of this interface should be very careful about returning true from this method unless they are either immutable, or have some way of ensuring the properties have not been changed since original creation.

Specified by:

isAuthenticated in interface Authentication

Overrides:

isAuthenticated in class AbstractAuthenticationToken

Returns:

false

setAuthenticated

public void setAuthenticated(boolean authenticated)

The state of this object cannot be changed. Will always throw an exception

Specified by:

setAuthenticated in interface Authentication

Overrides:

setAuthenticated in class AbstractAuthenticationToken

Parameters:

authenticated - ignored

getAuthenticationRequest

public AbstractSaml2AuthenticationRequest getAuthenticationRequest()

Returns the authentication request sent to the assertion party or null if no authentication request is present

Returns:

the authentication request sent to the assertion party

Since:

5.6