com.github.ulisesbocchio.spring.boot.security.saml.configurer.builder

Class SSOConfigurer

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

com.github.ulisesbocchio.spring.boot.security.saml.configurer.builder.SSOConfigurer

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

public class SSOConfigurer
extends org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Builder configurer that takes care of configuring/customizing the SAMLProcessingFilter, SAMLWebSSOHoKProcessingFilter, SAMLDiscovery, and SAMLEntryPoint bean.

This configurer always instantiates its own SAMLProcessingFilter, SAMLWebSSOHoKProcessingFilter, SAMLDiscovery, and SAMLEntryPoint based on the specified configuration.

This configurer also reads the values from SAMLSSOProperties for some DSL methods if they are not used. In other words, the user is able to configure the filters through the following properties:

     saml.sso.default-success-url
     saml.sso.default-failure-url
     saml.sso.sso-processing-url
     saml.sso.enable-sso-hok
     saml.sso.discovery-processing-url
     saml.sso.idp-selection-page-url
     saml.sso.sso-login-url
     saml.sso.profile-options.binding
     saml.sso.profile-options.allowed-idps
     saml.sso.profile-options.provider-name
     saml.sso.profile-options.assertion-consumer-index
     saml.sso.profile-options.name-id
     saml.sso.profile-options.allow-create
     saml.sso.profile-options.passive
     saml.sso.profile-options.force-authn
     saml.sso.profile-options.include-scoping
     saml.sso.profile-options.proxy-count
     saml.sso.profile-options.relay-state
     saml.sso.profile-options.authn-contexts
     saml.sso.profile-options.authn-context-comparison

 

Author:

Ulises Bocchio

Constructor Summary

Constructors

Constructor and Description
SSOConfigurer()

Method Summary

Modifier and Type	Method and Description
void	configure(ServiceProviderBuilder builder)
protected org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler	createDefaultFailureHandler()
protected org.springframework.security.saml.SAMLDiscovery	createDefaultSamlDiscoveryFilter()
protected org.springframework.security.saml.SAMLEntryPoint	createDefaultSamlEntryPoint()
protected org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter	createDefaultSamlHoKProcessingFilter()
protected org.springframework.security.saml.SAMLProcessingFilter	createDefaultSamlProcessingFilter()
protected org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler	createDefaultSuccessHandler()
SSOConfigurer	defaultFailureURL(String defaultFailureURL) The URL which will be used as the failure destination.
SSOConfigurer	defaultSuccessURL(String defaultSuccessURL) Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true.
SSOConfigurer	discoveryProcessingURL(String discoveryProcessingURL) The URL that the SAMLDiscovery filter will be listening to.
SSOConfigurer	enableSsoHoK(boolean enableSsoHoK) Whether to enable the SAMLWebSSOHoKProcessingFilter filter or not.
SSOConfigurer	failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler) Provide a specific AuthenticationFailureHandler to be invoked on unsuccessful authentication.
SSOConfigurer	idpSelectionPageURL(String idpSelectionPageURL) Sets path where request dispatcher will send user for IDP selection.
void	init(ServiceProviderBuilder builder)
SSOConfigurer	profileOptions(org.springframework.security.saml.websso.WebSSOProfileOptions profileOptions) Provide a specific WebSSOProfileOptions options.
SSOConfigurer	samlEntryPoint(org.springframework.security.saml.SAMLEntryPoint samlEntryPoint) Provide a specific SAMLEntryPoint.
SSOConfigurer	ssoHoKProcessingURL(String ssoHoKProcessingURL) The URL that the SAMLWebSSOHoKProcessingFilter will be listening to.
SSOConfigurer	ssoLoginURL(String ssoLoginURL) The URL that the SAMLEntryPoint filter will be listening to.
SSOConfigurer	ssoProcessingURL(String ssoProcessingURL) The URL that the SAMLProcessingFilter will be listening to.
SSOConfigurer	successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler) Provide a specific AuthenticationSuccessHandler to be invoked on successful authentication.

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SSOConfigurer

public SSOConfigurer()

Method Detail

init

public void init(ServiceProviderBuilder builder)
          throws Exception

Specified by:

init in interface org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

Overrides:

init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Throws:

Exception

configure

public void configure(ServiceProviderBuilder builder)
               throws Exception

Specified by:

configure in interface org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

Overrides:

configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Throws:

Exception

createDefaultSamlHoKProcessingFilter

protected org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter createDefaultSamlHoKProcessingFilter()

createDefaultSamlEntryPoint

protected org.springframework.security.saml.SAMLEntryPoint createDefaultSamlEntryPoint()

createDefaultSamlDiscoveryFilter

protected org.springframework.security.saml.SAMLDiscovery createDefaultSamlDiscoveryFilter()

createDefaultSamlProcessingFilter

protected org.springframework.security.saml.SAMLProcessingFilter createDefaultSamlProcessingFilter()

createDefaultFailureHandler

protected org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler createDefaultFailureHandler()

createDefaultSuccessHandler

protected org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler createDefaultSuccessHandler()

samlEntryPoint

public SSOConfigurer samlEntryPoint(org.springframework.security.saml.SAMLEntryPoint samlEntryPoint)

Provide a specific SAMLEntryPoint.

Parameters:

samlEntryPoint - the actual entry point.

Returns:

this configurer for further customization

defaultSuccessURL

public SSOConfigurer defaultSuccessURL(String defaultSuccessURL)

Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true. If not set, defaults to /. It will be treated as relative to the web-app's context path, and should include the leading /. Alternatively, inclusion of a scheme name (such as "http://" or "https://") as the prefix will denote a fully-qualified URL and this is also supported. Not Relevant if successHandler(AuthenticationSuccessHandler) is used.

Alternatively use property:

      saml.sso.default-success-url
 

Parameters:

defaultSuccessURL - the default target URL

Returns:

this configurer for further customization

successHandler

public SSOConfigurer successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)

Provide a specific AuthenticationSuccessHandler to be invoked on successful authentication. Overrides value set by defaultSuccessURL(String).

Parameters:

successHandler - the actual success handler.

Returns:

this configurer for further customization

defaultFailureURL

public SSOConfigurer defaultFailureURL(String defaultFailureURL)

The URL which will be used as the failure destination. Not relevant if using failureHandler(AuthenticationFailureHandler). Default is "/error".

Alternatively use property:

      saml.sso.default-failure-url
 

Parameters:

defaultFailureURL - the failure URL, for example "/loginFailed.jsp".

Returns:

this configurer for further customization

failureHandler

public SSOConfigurer failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler)

Provide a specific AuthenticationFailureHandler to be invoked on unsuccessful authentication. Overrides value set by defaultFailureURL(String).

Parameters:

failureHandler - the actual failure handler.

Returns:

this configurer for further customization

ssoProcessingURL

public SSOConfigurer ssoProcessingURL(String ssoProcessingURL)

The URL that the SAMLProcessingFilter will be listening to. Default is "/saml/SSO".

Alternatively use property:

      saml.sso.sso-processing-url
 

Parameters:

ssoProcessingURL - the URL that the SAMLProcessingFilter will be listening to.

Returns:

this configurer for further customization

ssoHoKProcessingURL

public SSOConfigurer ssoHoKProcessingURL(String ssoHoKProcessingURL)

The URL that the SAMLWebSSOHoKProcessingFilter will be listening to. Default is "/saml/HoKSSO".

Alternatively use property:

      saml.sso.sso-hok-Processing-url
 

Parameters:

ssoHoKProcessingURL - the URL that the SAMLWebSSOHoKProcessingFilter will be listening to.

Returns:

this configurer for further customization

enableSsoHoK

public SSOConfigurer enableSsoHoK(boolean enableSsoHoK)

Whether to enable the SAMLWebSSOHoKProcessingFilter filter or not. Default is true.

Alternatively use property:

      saml.sso.enable-sso-hok
 

Parameters:

enableSsoHoK - true if HoK Filter is enabled.

Returns:

this configurer for further customization

discoveryProcessingURL

public SSOConfigurer discoveryProcessingURL(String discoveryProcessingURL)

The URL that the SAMLDiscovery filter will be listening to. Default is "/saml/discovery".

Alternatively use property:

      saml.sso.discovery-processing-url
 

Parameters:

discoveryProcessingURL - the URL that the SAMLDiscovery filter will be listening to.

Returns:

this configurer for further customization

idpSelectionPageURL

public SSOConfigurer idpSelectionPageURL(String idpSelectionPageURL)

Sets path where request dispatcher will send user for IDP selection. In case it is null the default IDP will always be used. Default is "/idpselection".

Alternatively use property:

      saml.sso.idp-selection-page-url
 

Parameters:

idpSelectionPageURL - selection path.

Returns:

this configurer for further customization

ssoLoginURL

public SSOConfigurer ssoLoginURL(String ssoLoginURL)

The URL that the SAMLEntryPoint filter will be listening to. Default is "/saml/login".

Alternatively use property:

      saml.sso.sso-login-url
 

Parameters:

ssoLoginURL - the URL that the SAMLEntryPoint filter will be listening to.

Returns:

this configurer for further customization

profileOptions

public SSOConfigurer profileOptions(org.springframework.security.saml.websso.WebSSOProfileOptions profileOptions)

Provide a specific WebSSOProfileOptions options.

Alternatively use properties:

      saml.sso.profile-options.binding
      saml.sso.profile-options.allowed-idps
      saml.sso.profile-options.provider-name
      saml.sso.profile-options.assertion-consumer-index
      saml.sso.profile-options.name-id
      saml.sso.profile-options.allow-create
      saml.sso.profile-options.passive
      saml.sso.profile-options.force-authn
      saml.sso.profile-options.include-scoping
      saml.sso.profile-options.proxy-count
      saml.sso.profile-options.relay-state
      saml.sso.profile-options.authn-contexts
      saml.sso.profile-options.authn-context-comparison
 

Parameters:

profileOptions - the SSO Profile Options.

Returns:

this configurer for further customization