Saml2AuthenticationSuccessHandler (nifi-web-security 1.20.0 API)

java.lang.Object
- org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- - org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
  - - org.apache.nifi.web.security.saml2.web.authentication.Saml2AuthenticationSuccessHandler

All Implemented Interfaces:

org.springframework.security.web.authentication.AuthenticationSuccessHandler
```
public class Saml2AuthenticationSuccessHandler
extends org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
```
SAML 2 Authentication Success Handler redirects to the user interface and sets a Session Cookie with a Bearer Token

Field Summary

Fields
Modifier and Type	Field and Description
`private ApplicationCookieService`	`applicationCookieService`
`private BearerTokenProvider`	`bearerTokenProvider`
`private Duration`	`expiration`
`private List<IdentityMapping>`	`groupIdentityMappings`
`private org.springframework.core.convert.converter.Converter<org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal,String>`	`identityConverter`
`private IdpUserGroupService`	`idpUserGroupService`
`private String`	`issuer`
`private static String`	`ROOT_PATH`
`private static String`	`UI_PATH`
`private List<IdentityMapping>`	`userIdentityMappings`

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
logger

Constructor Summary

Constructors
Constructor and Description
`Saml2AuthenticationSuccessHandler(BearerTokenProvider bearerTokenProvider, IdpUserGroupService idpUserGroupService, List<IdentityMapping> userIdentityMappings, List<IdentityMapping> groupIdentityMappings, Duration expiration, String issuer)` SAML 2 Authentication Success Handler requires Bearer Token Provider and expiration for generated tokens

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`String`	`determineTargetUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)` Determine Redirect Target URL based on Request URL and add Session Cookie containing a Bearer Token
`private String`	`getBearerToken(String identity)`
`private Set<String>`	`getGroups(org.springframework.security.core.Authentication authentication)`
`private String`	`getIdentity(org.springframework.security.core.Authentication authentication)`
`private void`	`processAuthentication(javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication, URI resourceUri)`
`void`	`setIdentityConverter(org.springframework.core.convert.converter.Converter<org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal,String> identityConverter)` Set Identity Converter for customized mapping of SAML 2 Authenticated Principal to user identity

Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
clearAuthenticationAttributes, onAuthenticationSuccess

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
onAuthenticationSuccess

Field Detail

UI_PATH
```
private static final String UI_PATH
```
See Also:

Constant Field Values

ROOT_PATH
```
private static final String ROOT_PATH
```
See Also:

Constant Field Values

applicationCookieService

private final ApplicationCookieService applicationCookieService

bearerTokenProvider

private final BearerTokenProvider bearerTokenProvider

idpUserGroupService

private final IdpUserGroupService idpUserGroupService

userIdentityMappings

private final List<IdentityMapping> userIdentityMappings

groupIdentityMappings

private final List<IdentityMapping> groupIdentityMappings

expiration
```
private final Duration expiration
```

issuer
```
private final String issuer
```

identityConverter

private org.springframework.core.convert.converter.Converter<org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal,String> identityConverter

Constructor Detail

Saml2AuthenticationSuccessHandler

public Saml2AuthenticationSuccessHandler(BearerTokenProvider bearerTokenProvider,
                                         IdpUserGroupService idpUserGroupService,
                                         List<IdentityMapping> userIdentityMappings,
                                         List<IdentityMapping> groupIdentityMappings,
                                         Duration expiration,
                                         String issuer)

SAML 2 Authentication Success Handler requires Bearer Token Provider and expiration for generated tokens

Parameters:: bearerTokenProvider - Bearer Token Provider; idpUserGroupService - User Group Service for persisting groups from the Identity Provider; userIdentityMappings - User Identity Mappings; groupIdentityMappings - Group Identity Mappings; expiration - Expiration for generated tokens; issuer - Token Issuer

Method Detail

setIdentityConverter

public void setIdentityConverter(org.springframework.core.convert.converter.Converter<org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal,String> identityConverter)

Set Identity Converter for customized mapping of SAML 2 Authenticated Principal to user identity

Parameters:: identityConverter - Identity Converter required

determineTargetUrl
```
public String determineTargetUrl(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 org.springframework.security.core.Authentication authentication)
```
Determine Redirect Target URL based on Request URL and add Session Cookie containing a Bearer Token

Overrides:

determineTargetUrl in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Parameters:

request - HTTP Servlet Request

response - HTTP Servlet Response

authentication - SAML 2 Authentication

Returns:

Redirect Target URL

processAuthentication

private void processAuthentication(javax.servlet.http.HttpServletResponse response,
                                   org.springframework.security.core.Authentication authentication,
                                   URI resourceUri)

getBearerToken

private String getBearerToken(String identity)

getIdentity

private String getIdentity(org.springframework.security.core.Authentication authentication)

getGroups

private Set<String> getGroups(org.springframework.security.core.Authentication authentication)

Class Saml2AuthenticationSuccessHandler

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Methods inherited from class java.lang.Object

Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler