com.github.ulisesbocchio.spring.boot.security.saml.configurer.builder

Class AuthenticationProviderConfigurer

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

com.github.ulisesbocchio.spring.boot.security.saml.configurer.builder.AuthenticationProviderConfigurer

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

public class AuthenticationProviderConfigurer
extends org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Builder configurer that takes care of configuring/customizing a SAMLAuthenticationProvider for the SAML 2.0 Service Provider.

Common strategy across most internal configurers is to first give priority to a Spring Bean if present in the Context. If not SAMLAuthenticationProvider is present in the Spring Context, priority goes to a custom provider provided explicitly to this configurer through the constructor. And if not provided through the constructor, a default implementation is instantiated that is configurable through the DSL methods.

This configurer also reads the values from SAMLSSOProperties#getAuthenticationProvider() if no custom Authentication Provider is provided, for some DSL methods if they are not used. In other words, the user is able to configure the Authentication Provider through the following properties:

     saml.sso.authentication-provider.force-principal-as-string
     saml.sso.authentication-provider.exclude-credential
 

Author:

Ulises Bocchio

Constructor Summary

Constructors

Constructor and Description
AuthenticationProviderConfigurer() Default Constructor
AuthenticationProviderConfigurer(org.springframework.security.saml.SAMLAuthenticationProvider provider) Provide the provider to be used.

Method Summary

Modifier and Type	Method and Description
void	configure(ServiceProviderBuilder builder)
AuthenticationProviderConfigurer	excludeCredential(boolean excludeCredential) When false (default) the resulting Authentication object will include instance of SAMLCredential as a credential value.
AuthenticationProviderConfigurer	forcePrincipalAsString(boolean forcePrincipalAsString) By default principal in the returned Authentication object is the NameID included in the authenticated Assertion.
void	init(ServiceProviderBuilder builder)
AuthenticationProviderConfigurer	userDetailsService(org.springframework.security.saml.userdetails.SAMLUserDetailsService userDetailsService) The user details can be optionally set and is automatically called while user SAML assertion is validated.

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationProviderConfigurer

public AuthenticationProviderConfigurer(org.springframework.security.saml.SAMLAuthenticationProvider provider)

Provide the provider to be used.

Parameters:

provider - the SAMLAuthenticationProvider to be used.

AuthenticationProviderConfigurer

public AuthenticationProviderConfigurer()

Default Constructor

Method Detail

init

public void init(ServiceProviderBuilder builder)
          throws Exception

Specified by:

init in interface org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

Overrides:

init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Throws:

Exception

configure

public void configure(ServiceProviderBuilder builder)
               throws Exception

Specified by:

configure in interface org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

Overrides:

configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Throws:

Exception

excludeCredential

public AuthenticationProviderConfigurer excludeCredential(boolean excludeCredential)

When false (default) the resulting Authentication object will include instance of SAMLCredential as a credential value. The credential includes information related to the authentication process, received attributes and is required for Single Logout. In case your application doesn't require the credential, it is possible to exclude it from the Authentication object by setting this flag to true. Default is false.

Alternatively use property:

      saml.sso.authentication-provider.exclude-credential
 

Parameters:

excludeCredential - false to include credential in the Authentication object, true to exclude it

Returns:

This Configurer to keep customizing the Authentication Provider

forcePrincipalAsString

public AuthenticationProviderConfigurer forcePrincipalAsString(boolean forcePrincipalAsString)

By default principal in the returned Authentication object is the NameID included in the authenticated Assertion. The NameID is not serializable. Setting this value to true will force the NameID value to be a String. Default is false.

Alternatively use property:

      saml.sso.authentication-provider.force-principal-as-string
 

Parameters:

forcePrincipalAsString - true to force principal to be a String

Returns:

This Configurer to keep customizing the Authentication Provider

userDetailsService

public AuthenticationProviderConfigurer userDetailsService(org.springframework.security.saml.userdetails.SAMLUserDetailsService userDetailsService)

The user details can be optionally set and is automatically called while user SAML assertion is validated.

Parameters:

userDetailsService - the user details service to use.

Returns:

This Configurer to keep customizing the Authentication Provider