Class Saml2LogoutResponseFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public final class Saml2LogoutResponseFilter
extends org.springframework.web.filter.OncePerRequestFilter
A filter for handling a <saml2:LogoutResponse> sent from the asserting party. A
<saml2:LogoutResponse> is sent in response to a <saml2:LogoutRequest>
already sent by the relying party.
Note that before a <saml2:LogoutRequest> is sent, the user is logged out. Given
that, this implementation should not use any
LogoutSuccessHandler
that relies
on the user being logged in.- Since:
- 5.6
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Constructor Summary
ConstructorDescriptionSaml2LogoutResponseFilter
(RelyingPartyRegistrationRepository registrations, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler) Saml2LogoutResponseFilter
(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler) Constructs aSaml2LogoutResponseFilter
for accepting SAML 2.0 Logout Responses from the asserting party -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) void
setLogoutRequestMatcher
(org.springframework.security.web.util.matcher.RequestMatcher logoutRequestMatcher) void
setLogoutRequestRepository
(Saml2LogoutRequestRepository logoutRequestRepository) Use thisSaml2LogoutRequestRepository
for retrieving the SAML 2.0 Logout Request associated with the request'sRelayState
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
Saml2LogoutResponseFilter
public Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository registrations, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler) -
Saml2LogoutResponseFilter
public Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler) Constructs aSaml2LogoutResponseFilter
for accepting SAML 2.0 Logout Responses from the asserting party- Parameters:
relyingPartyRegistrationResolver
- the strategy for resolving aRelyingPartyRegistration
logoutResponseValidator
- authenticates the SAML 2.0 Logout ResponselogoutSuccessHandler
- the action to perform now that logout has succeeded
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-
setLogoutRequestMatcher
public void setLogoutRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher logoutRequestMatcher) -
setLogoutRequestRepository
Use thisSaml2LogoutRequestRepository
for retrieving the SAML 2.0 Logout Request associated with the request'sRelayState
- Parameters:
logoutRequestRepository
- theSaml2LogoutRequestRepository
to use
-