Package se.swedenconnect.spring.saml.idp.authentication.provider.external

Class SessionBasedExternalAuthenticationRepository

java.lang.Object

se.swedenconnect.spring.saml.idp.authentication.provider.external.SessionBasedExternalAuthenticationRepository

All Implemented Interfaces:

ExternalAuthenticatorTokenRepository, FilterAuthenticationTokenRepository

public class SessionBasedExternalAuthenticationRepository
extends Object
implements FilterAuthenticationTokenRepository, ExternalAuthenticatorTokenRepository

An implementation of the FilterAuthenticationTokenRepository and ExternalAuthenticatorTokenRepository interfaces that is session based.

Author:

Martin Lindström

Field Summary

Fields

Modifier and Type	Field	Description
static final String	INPUT_SESSION_KEY	The name of the session key where we store the RedirectForAuthenticationToken.
static final String	RESULT_SESSION_KEY	The name of the session key where we store the ResumedAuthenticationToken (i.e., the result).

Constructor Summary

Constructors

Constructor	Description
SessionBasedExternalAuthenticationRepository()

Method Summary

Modifier and Type	Method	Description
void	clear(jakarta.servlet.http.HttpServletRequest request)	Clears the current external authentication.
void	completeExternalAuthentication(org.springframework.security.core.Authentication token, jakarta.servlet.http.HttpServletRequest request)	Is invoken to commit the Authentication token that is the result from the external user authentication.
void	completeExternalAuthentication(Saml2ErrorStatusException error, jakarta.servlet.http.HttpServletRequest request)	Is invoken to commit the Saml2ErrorStatusException that is a description for a failed user authentication.
ResumedAuthenticationToken	getCompletedExternalAuthentication(jakarta.servlet.http.HttpServletRequest request)	Is invoked when the Saml2UserAuthenticationProcessingFilter receives a request on its "resume paths" (see Saml2UserAuthenticationProcessingFilter.setResumeAuthnRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)).
RedirectForAuthenticationToken	getExternalAuthenticationToken(jakarta.servlet.http.HttpServletRequest request)	Gets the RedirectForAuthenticationToken that is the input for an external authentication process.
void	startExternalAuthentication(RedirectForAuthenticationToken token, jakarta.servlet.http.HttpServletRequest request)	Starts an external authentication processs by storing the supplied RedirectForAuthenticationToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

INPUT_SESSION_KEY

public static final String INPUT_SESSION_KEY

The name of the session key where we store the RedirectForAuthenticationToken.

RESULT_SESSION_KEY

public static final String RESULT_SESSION_KEY

The name of the session key where we store the ResumedAuthenticationToken (i.e., the result).

Constructor Details

SessionBasedExternalAuthenticationRepository

public SessionBasedExternalAuthenticationRepository()

Method Details

startExternalAuthentication

public void startExternalAuthentication(RedirectForAuthenticationToken token,
 jakarta.servlet.http.HttpServletRequest request)

Starts an external authentication processs by storing the supplied RedirectForAuthenticationToken.

This happens when the Saml2UserAuthenticationProcessingFilter receives a RedirectForAuthenticationToken from a call to AuthenticationManager.authenticate(Authentication).

Any previously stored tokens are cleared.

Specified by:

startExternalAuthentication in interface FilterAuthenticationTokenRepository

Parameters:

token - the RedirectForAuthenticationToken

request - the HTTP servlet request

getCompletedExternalAuthentication

public ResumedAuthenticationToken getCompletedExternalAuthentication(jakarta.servlet.http.HttpServletRequest request)
                                                              throws IllegalStateException

Is invoked when the Saml2UserAuthenticationProcessingFilter receives a request on its "resume paths" (see Saml2UserAuthenticationProcessingFilter.setResumeAuthnRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)).

The method gets the Authentication object stored by the authenticator (ExternalAuthenticatorTokenRepository.completeExternalAuthentication(Authentication, HttpServletRequest) or ExternalAuthenticatorTokenRepository.completeExternalAuthentication(Saml2ErrorStatusException, HttpServletRequest)) and creates a ResumedAuthenticationToken.

Specified by:

getCompletedExternalAuthentication in interface FilterAuthenticationTokenRepository

Parameters:

request - the HTTP request

Returns:

a ResumedAuthenticationToken or null if no token exists

Throws:

IllegalStateException - if a ResumedAuthenticationToken token exists, but no corresponding RedirectForAuthenticationToken

getExternalAuthenticationToken

public RedirectForAuthenticationToken getExternalAuthenticationToken(jakarta.servlet.http.HttpServletRequest request)

Gets the RedirectForAuthenticationToken that is the input for an external authentication process.

Specified by:

getExternalAuthenticationToken in interface ExternalAuthenticatorTokenRepository

Parameters:

request - the HTTP servlet request

Returns:

the RedirectForAuthenticationToken or null if not present

completeExternalAuthentication

public void completeExternalAuthentication(org.springframework.security.core.Authentication token,
 jakarta.servlet.http.HttpServletRequest request)
                                    throws IllegalStateException

Is invoken to commit the Authentication token that is the result from the external user authentication.

Specified by:

completeExternalAuthentication in interface ExternalAuthenticatorTokenRepository

Parameters:

token - the Authentication token

request - the current HTTP request

Throws:

IllegalStateException - if the corresponding RedirectForAuthenticationToken is not available in the repository

completeExternalAuthentication

public void completeExternalAuthentication(Saml2ErrorStatusException error,
 jakarta.servlet.http.HttpServletRequest request)
                                    throws IllegalStateException

Is invoken to commit the Saml2ErrorStatusException that is a description for a failed user authentication.

Specified by:

completeExternalAuthentication in interface ExternalAuthenticatorTokenRepository

Parameters:

error - the error

request - the current HTTP request

Throws:

IllegalStateException - if the corresponding RedirectForAuthenticationToken is not available in the repository

clear

public void clear(jakarta.servlet.http.HttpServletRequest request)

Clears the current external authentication.

Specified by:

clear in interface FilterAuthenticationTokenRepository

Parameters:

request - the HTTP servlet request