Package se.swedenconnect.spring.saml.idp.authentication

Class Saml2UserAuthentication

java.lang.Object

org.springframework.security.authentication.AbstractAuthenticationToken

se.swedenconnect.spring.saml.idp.authentication.Saml2UserAuthentication

All Implemented Interfaces:

Serializable, Principal, org.springframework.security.core.Authentication, org.springframework.security.core.CredentialsContainer

public class Saml2UserAuthentication
extends org.springframework.security.authentication.AbstractAuthenticationToken

An Authentication token that represents the authentication of a user. This will later be translated into a SAML Assertion.

Author:

Martin Lindström

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	Saml2UserAuthentication.AuthenticationInfoTrack	Remembers all (SAML) occurences where the user authentication has been used.

Constructor Summary

Constructors

Constructor	Description
Saml2UserAuthentication(Saml2UserDetails userDetails)	Constructor.

Method Summary

Modifier and Type	Method	Description
void	clearAuthnRequestToken()	Clears the authentication request token.
void	clearAuthnRequirements()	Clears the authentication requirements.
Saml2UserAuthentication.AuthenticationInfoTrack	getAuthenticationInfoTrack()	Gets the tracking of all the times this user authentication object has been used.
Saml2AuthnRequestAuthenticationToken	getAuthnRequestToken()	Gets the authentication request token.
AuthenticationRequirements	getAuthnRequirements()	Gets the authentication requirements.
Object	getCredentials()	Will always return the empty string.
Object	getPrincipal()	Maps to getSaml2UserDetails().
Saml2UserDetails	getSaml2UserDetails()	Gets the Saml2UserDetails.
boolean	isReuseAuthentication()	Gets the flag telling whether this Authentication object may be "re-used", i.e., whether it may be used in SSO-scenarios.
boolean	isSsoApplied()	Predicate that tells whether the authentication object was issued based on a previous authentication.
void	setAuthnRequestToken(Saml2AuthnRequestAuthenticationToken authnRequestToken)	Assigns the authentication request token.
void	setAuthnRequirements(AuthenticationRequirements authnRequirements)	Assigns the authentication requirements.
void	setReuseAuthentication(boolean reuseAuthentication)	Assigns the flag telling whether this Authentication object may be "re-used", i.e., whether it may be used in SSO-scenarios.

Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken

equals, eraseCredentials, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setAuthenticated, setDetails, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Details

Saml2UserAuthentication

public Saml2UserAuthentication(Saml2UserDetails userDetails)

Constructor.

Parameters:

userDetails - the user details

Method Details

getPrincipal

public Object getPrincipal()

Maps to getSaml2UserDetails().

getSaml2UserDetails

public Saml2UserDetails getSaml2UserDetails()

Gets the Saml2UserDetails.

Returns:

the Saml2UserDetails

isReuseAuthentication

public boolean isReuseAuthentication()

Gets the flag telling whether this Authentication object may be "re-used", i.e., whether it may be used in SSO-scenarios. Defaults to true.

Note that even if this flag is true the IdP-engine may choose not to save the Authentication object for future use. This may be dependent on other parameters. However, if the flag is false the authentication will not be saved.

Returns:

whether the authentication object should be saved for future SSO

setReuseAuthentication

public void setReuseAuthentication(boolean reuseAuthentication)

Assigns the flag telling whether this Authentication object may be "re-used", i.e., whether it may be used in SSO-scenarios.

Parameters:

reuseAuthentication - whether the authentication object should be saved for future SSO

getCredentials

public Object getCredentials()

Will always return the empty string.

getAuthnRequestToken

public Saml2AuthnRequestAuthenticationToken getAuthnRequestToken()

Gets the authentication request token.

Returns:

the authentication request token

setAuthnRequestToken

public void setAuthnRequestToken(Saml2AuthnRequestAuthenticationToken authnRequestToken)

Assigns the authentication request token.

Parameters:

authnRequestToken - the authentication request token

clearAuthnRequestToken

public void clearAuthnRequestToken()

Clears the authentication request token. This is done when the SAML response has been sent. The Saml2UserAuthentication object will be persisted, and there is no need to carry around the authentication request information.

getAuthnRequirements

public AuthenticationRequirements getAuthnRequirements()

Gets the authentication requirements.

Returns:

the authentication requirements

setAuthnRequirements

public void setAuthnRequirements(AuthenticationRequirements authnRequirements)

Assigns the authentication requirements.

Parameters:

authnRequirements - the authentication requirements

clearAuthnRequirements

public void clearAuthnRequirements()

Clears the authentication requirements. This is done when the SAML response has been sent. The Saml2UserAuthentication object will be persisted, and there is no need to carry around non-needed information.

getAuthenticationInfoTrack

public Saml2UserAuthentication.AuthenticationInfoTrack getAuthenticationInfoTrack()

Gets the tracking of all the times this user authentication object has been used.

Returns:

an Saml2UserAuthentication.AuthenticationInfoTrack

isSsoApplied

public boolean isSsoApplied()

Predicate that tells whether the authentication object was issued based on a previous authentication.

Returns:

true if the authentication object is based on a previous authentication and false otherwise