com.github.ulisesbocchio.spring.boot.security.saml.configurer.builder

Class KeyManagerConfigurer

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

com.github.ulisesbocchio.spring.boot.security.saml.configurer.builder.KeyManagerConfigurer

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

public class KeyManagerConfigurer
extends org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Builder configurer that takes care of configuring/customizing the KeyManager bean.

Common strategy across most internal configurers is to first give priority to a Spring Bean if present in the Context. So if not KeyManager bean is defined, priority goes to a custom KeyManager provided explicitly to this configurer through the constructor. And if not provided through the constructor, a default implementation is instantiated that is configurable through the DSL methods.

This configurer also reads the values from SAMLSSOProperties#getKeyManager() if no custom KeyManager is provided, for some DSL methods if they are not used. In other words, the user is able to configure the KeyManager through the following properties:

     saml.sso.key-manager.public-key-pem-location
     saml.sso.key-manager.private-key-der-location
     saml.sso.key-manager.store-location
     saml.sso.key-manager.store-pass
     saml.sso.key-manager.key-passwords
     saml.sso.key-manager.default-key
 

Author:

Ulises Bocchio

Constructor Summary

Constructors

Constructor and Description
KeyManagerConfigurer()
KeyManagerConfigurer(org.springframework.security.saml.key.KeyManager keyManager)

Method Summary

Modifier and Type	Method and Description
void	configure(ServiceProviderBuilder builder)
KeyManagerConfigurer	defaultKey(String defaultKey) Sets the default key to use for encryption.
void	init(ServiceProviderBuilder builder)
KeyManagerConfigurer	keyPassword(String key, String password) Alternative to keyPasswords when only 1 (one) key is present in the KeyStore.
KeyManagerConfigurer	keyPasswords(Map<String,String> keyPasswords) Specify the passwords of the keys stored in the KeyStore.
KeyManagerConfigurer	keyStore(KeyStore keyStore) Set the actual KeyStore object to use.
KeyManagerConfigurer	privateKeyDERLocation(String privateKeyDERLocation) If no KeyStore is provided, specify a DER private key location.
KeyManagerConfigurer	publicKeyPEMLocation(String publicKeyPEMLocation) If no KeyStore is provided, specify a PEM certificate location.
KeyManagerConfigurer	storeLocation(String storeLocation) If not KeyStore is provided, specify the KeyStore location.
KeyManagerConfigurer	storePass(String storePass) Specify the KeyStore password.

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyManagerConfigurer

public KeyManagerConfigurer(org.springframework.security.saml.key.KeyManager keyManager)

KeyManagerConfigurer

public KeyManagerConfigurer()

Method Detail

init

public void init(ServiceProviderBuilder builder)
          throws Exception

Specified by:

init in interface org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

Overrides:

init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Throws:

Exception

configure

public void configure(ServiceProviderBuilder builder)
               throws Exception

Specified by:

configure in interface org.springframework.security.config.annotation.SecurityConfigurer<Void,ServiceProviderBuilder>

Overrides:

configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<Void,ServiceProviderBuilder>

Throws:

Exception

keyStore

public KeyManagerConfigurer keyStore(KeyStore keyStore)

Set the actual KeyStore object to use. Takes precedence over publicKeyPEMLocation(String), privateKeyDERLocation(String), and storeLocation(String).

Parameters:

keyStore - the KeyStore to use.

Returns:

this configurer for further customization

publicKeyPEMLocation

public KeyManagerConfigurer publicKeyPEMLocation(String publicKeyPEMLocation)

If no KeyStore is provided, specify a PEM certificate location. Used in conjunction with privateKeyDERLocation(String).

Alternatively use property:

      saml.sso.key-manager.public-key-pem-location
 

Parameters:

publicKeyPEMLocation - the location of the PEM public key certificate.

Returns:

this configurer for further customization

privateKeyDERLocation

public KeyManagerConfigurer privateKeyDERLocation(String privateKeyDERLocation)

If no KeyStore is provided, specify a DER private key location. Used in conjunction with publicKeyPEMLocation(String).

Alternatively use property:

      saml.sso.key-manager.private-key-der-location
 

Parameters:

privateKeyDERLocation - the location of the DER private key.

Returns:

this configurer for further customization

storeLocation

public KeyManagerConfigurer storeLocation(String storeLocation)

If not KeyStore is provided, specify the KeyStore location. Takes precedence over publicKeyPEMLocation(String) and privateKeyDERLocation(String).

Alternatively use property:

      saml.sso.key-manager.store-location
 

Parameters:

storeLocation - the location of the KeyStore.

Returns:

this configurer for further customization

storePass

public KeyManagerConfigurer storePass(String storePass)

Specify the KeyStore password. Not relevant if using publicKeyPEMLocation(String) and privateKeyDERLocation(String).

Alternatively use property:

      saml.sso.key-manager.store-pass
 

Parameters:

storePass - the KeyStore password.

Returns:

this configurer for further customization

keyPasswords

public KeyManagerConfigurer keyPasswords(Map<String,String> keyPasswords)

Specify the passwords of the keys stored in the KeyStore. Not relevant if using publicKeyPEMLocation(String) and privateKeyDERLocation(String).

Alternatively use property:

      saml.sso.key-manager.key-passwords
 

Parameters:

keyPasswords -

Returns:

this configurer for further customization

keyPassword

public KeyManagerConfigurer keyPassword(String key,
                                        String password)

Alternative to keyPasswords when only 1 (one) key is present in the KeyStore.

Alternatively use property:

      saml.sso.key-manager.key-passwords
 

Parameters:

key - the key name.

password - the key password.

Returns:

this configurer for further customization

defaultKey

public KeyManagerConfigurer defaultKey(String defaultKey)

Sets the default key to use for encryption. Not relevant if using publicKeyPEMLocation(String) and privateKeyDERLocation(String).

Alternatively use property:

      saml.sso.key-manager.default-key
 

Parameters:

defaultKey - the default key name.

Returns:

this configurer for further customization