Package se.swedenconnect.opensaml.xmlsec.config

Interface SecurityConfiguration

All Known Implementing Classes:
AbstractSecurityConfiguration, DefaultSecurityConfiguration, SAML2IntSecurityConfiguration
public interface SecurityConfiguration
An interface that enables us to work with security configurations and defaults in a simple fashion.

The OpenSAML ConfigurationService singleton may be queried for the configuration to use for a certain security operation. For example, to get the EncryptionConfiguration to use, the following code gives us the config for an encryption operation: 


 EncryptionConfiguration encryptionConfiguration = ConfigurationService.get(EncryptionConfiguration.class);

This is simple and straightforward, and you should probably stick with that way of getting the system defaults for security configuration. However, in some cases, for example when a SAML SP or IdP should support several different profiles regarding security configuration the above doesn't work that well. In these cases you may instantiate different SecurityConfiguration objects with different defaults, and use those objects to query for the security configuration. 

SecurityConfiguration saml2intConfig = setupSaml2intConfig();
 ...
 EncryptionConfig config = saml2intConfig.getEncryptionConfiguration();

When OpenSAML is initialized (using InitializationService.initialize()) the ConfigurationService will be assigned the default values from the DefaultSecurityConfigurationBootstrap class. After OpenSAML has been initialized it is possible to modify these defaults by replacing the stored default objects. 

EncryptionConfiguration myEncryptionConfiguration = ...;
 ... a lot of code setting algorithms ...
 ConfigurationService.register(EncryptionConfiguration.class, myEncryptionConfiguration);

By using a SecurityConfiguration object this step may be simplified. For example, to configure the system to use the SAML2Int algorithm requirements you simply do: 

SecurityConfiguration saml2intConfig = new SAML2IntSecurityConfiguration();
 saml2intConfig.initOpenSAML();

If you use the OpenSAMLInitializer you can do the following instead: 

OpenSAMLInitializer.getInstance().initialize(
   new OpenSAMLSecurityExtensionConfig(),
   new OpenSAMLSecurityDefaultsConfig(new SAML2IntSecurityConfiguration()));
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

  • Method Details

    • getProfileName

      String getProfileName()
      Gets the profile name of this configuration setup.
      Returns:
      the profile name

    • getEncryptionConfiguration

      EncryptionConfiguration getEncryptionConfiguration()
      Returns the encryption configuration that has been configured.
      Returns:
      encryption configuration

    • getDecryptionConfiguration

      DecryptionConfiguration getDecryptionConfiguration()
      Returns the decryption configuration that has been configured.
      Returns:
      decryption configuration

    • getSignatureSigningConfiguration

      SignatureSigningConfiguration getSignatureSigningConfiguration()
      Returns the signing configuration that has been configued.
      Returns:
      signing configuration

    • getSignatureValidationConfiguration

      SignatureValidationConfiguration getSignatureValidationConfiguration()
      Returns the signature validation configuration that has been configured.
      Returns:
      signature validation configuration

    • initOpenSAML

      void initOpenSAML() throws InitializationException
      Initializes OpenSAML with the defaults that has been installed for this instance.

      ConfigurationService.register(XXXConfiguration.class, xxxConfiguration);

      Throws:
      InitializationException - for initialization errors