Package org.springframework.security.saml2.provider.service.web.authentication.logout

Class Saml2LogoutResponseFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public final class Saml2LogoutResponseFilter extends org.springframework.web.filter.OncePerRequestFilter
A filter for handling a <saml2:LogoutResponse> sent from the asserting party. A <saml2:LogoutResponse> is sent in response to a <saml2:LogoutRequest> already sent by the relying party. Note that before a <saml2:LogoutRequest> is sent, the user is logged out. Given that, this implementation should not use any LogoutSuccessHandler that relies on the user being logged in.
Since:
5.6
See Also:

  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

  • Constructor Summary

    Constructors
    Constructor
    Description
    Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository registrations, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler)
     
    Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler)
    Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Responses from the asserting party

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain)
    void
    setLogoutRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher logoutRequestMatcher)
     
    void
    setLogoutRequestRepository(Saml2LogoutRequestRepository logoutRequestRepository)
    Use this Saml2LogoutRequestRepository for retrieving the SAML 2.0 Logout Request associated with the request's RelayState

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • Saml2LogoutResponseFilter

      public Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository registrations, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler)

    • Saml2LogoutResponseFilter

      public Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2LogoutResponseValidator logoutResponseValidator, org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler)
      Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Responses from the asserting party
      Parameters:
      relyingPartyRegistrationResolver - the strategy for resolving a RelyingPartyRegistration
      logoutResponseValidator - authenticates the SAML 2.0 Logout Response
      logoutSuccessHandler - the action to perform now that logout has succeeded

  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException

    • setLogoutRequestMatcher

      public void setLogoutRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher logoutRequestMatcher)

    • setLogoutRequestRepository

      public void setLogoutRequestRepository(Saml2LogoutRequestRepository logoutRequestRepository)
      Use this Saml2LogoutRequestRepository for retrieving the SAML 2.0 Logout Request associated with the request's RelayState
      Parameters:
      logoutRequestRepository - the Saml2LogoutRequestRepository to use