Class hierarchy:

java.lang.Object
  org.opensaml.xml.security.credential.AbstractCredentialResolver
    org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
      org.opensaml.security.MetadataCredentialResolver
public class MetadataCredentialResolver
A credential resolver capable of resolving credentials from SAML 2 metadata.

The instance of CredentialCriteriaSet passed to AbstractCriteriaFilteringCredentialResolver.resolve(CredentialCriteriaSet) and AbstractCredentialResolver.resolveSingle(CredentialCriteriaSet) must at a minimum contain two criteria: an EntityIDCriteria and a MetadataCriteria. The values returned by EntityIDCriteria.getEntityID() and MetadataCriteria.getRole() are mandatory. If no protocol value is supplied via MetadataCriteria.getProtocol(), credentials are resolved from all role descriptors matching the entity ID and role, regardless of which protocols those roles support. A UsageCriteria is optional; if it is absent from the criteria set, the effective value UsageType.UNSPECIFIED is used for credential resolution.

This credential resolver caches resolved credentials in a memory-sensitive cache. If the metadata provider is an ObservableMetadataProvider, the resolver also clears its cache when the underlying metadata changes. A provider that is not observable gives the resolver no change notification, so credentials resolved before a metadata refresh stay in the cache until they are evicted.
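The following is an added example of using this resolver end to end; it is not code from the OpenSAML project or from this Javadoc page. It loads a SAML 2 metadata file, builds the criteria set the class description requires, and contrasts a narrow query (IdP role, SAML 2.0 protocol, signing use) with a broad one (no protocol, no usage). Assumptions: the package names of CredentialCriteriaSet, EntityIDCriteria and UsageCriteria and the constructors `new EntityIDCriteria(String)`, `new MetadataCriteria(QName, String)` and `new UsageCriteria(UsageType)` are taken from the OpenSAML 2 API rather than from this page, as are FilesystemMetadataProvider, BasicParserPool, DefaultBootstrap and setRequireValidMetadata(); the metadata file and entity ID are supplied on the command line because a real signing certificate cannot be constructed inline.

```java
import java.io.File;
import java.security.PublicKey;
import javax.xml.namespace.QName;

import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CredentialCriteriaSet;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;

/**
 * Resolves the signing credential(s) an IdP publishes in SAML 2 metadata.
 * Usage: java ResolveIdpSigningKeys <metadata.xml> <idp-entityID>
 *
 * Assumed (not stated on the Javadoc page): package names of the criteria classes,
 * their constructors, and the metadata provider / bootstrap classes used here.
 */
public class ResolveIdpSigningKeys {

    /**
     * Builds the criteria set MetadataCredentialResolver requires:
     * EntityIDCriteria and MetadataCriteria are mandatory, UsageCriteria is optional.
     */
    static CredentialCriteriaSet buildCriteria(String entityID, QName role, String protocol, UsageType usage) {
        CredentialCriteriaSet criteria = new CredentialCriteriaSet();
        criteria.add(new EntityIDCriteria(entityID));       // whose keys (mandatory)
        criteria.add(new MetadataCriteria(role, protocol));  // which role (mandatory); null protocol = any protocol
        if (usage != null) {
            criteria.add(new UsageCriteria(usage));           // absent => effective UsageType.UNSPECIFIED
        }
        return criteria;
    }

    /** Prints each resolved credential and returns how many there were. */
    static int printCredentials(String label, Iterable<Credential> creds) {
        int n = 0;
        for (Credential cred : creds) {
            n++;
            PublicKey key = cred.getPublicKey();
            System.out.printf("%s: entityID=%s use=%s keyAlg=%s%n", label, cred.getEntityId(),
                    cred.getUsageType(), key == null ? "none" : key.getAlgorithm());
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ResolveIdpSigningKeys <metadata.xml> <idp-entityID>");
            System.exit(2);
        }
        DefaultBootstrap.bootstrap();   // registers the SAML / XML Signature object providers

        // Assumption: in OpenSAML 2 FilesystemMetadataProvider is an ObservableMetadataProvider,
        // so the resolver's credential cache is cleared when the file changes on disk.
        FilesystemMetadataProvider provider = new FilesystemMetadataProvider(new File(args[0]));
        provider.setParserPool(new BasicParserPool());
        provider.setRequireValidMetadata(true);   // skip entities whose validUntil has passed
        provider.initialize();

        MetadataCredentialResolver resolver = new MetadataCredentialResolver(provider);
        String idp = args[1];

        // Narrow query: IdP role, SAML 2.0 protocol, signing use. This is what a signature
        // validator should ask for, so that an encryption-only key, or a key the same entity
        // publishes under its SP role, is never used to verify IdP assertions.
        CredentialCriteriaSet narrow = buildCriteria(idp, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
                SAMLConstants.SAML20P_NS, UsageType.SIGNING);
        int found = printCredentials("saml2/signing", resolver.resolve(narrow));

        // Broad query: no protocol and no usage. Every IDPSSODescriptor of the entity is
        // consulted, including ones that only support SAML 1.x, and the usage match runs
        // with the effective value UsageType.UNSPECIFIED.
        CredentialCriteriaSet broad = buildCriteria(idp, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, null, null);
        printCredentials("any-protocol/any-use", resolver.resolve(broad));

        // resolveSingle() is convenient when exactly one key is expected, but during a key
        // rollover the metadata legitimately carries two signing keys; iterate resolve() then.
        Credential single = resolver.resolveSingle(narrow);
        System.out.println("resolveSingle returned " + (single == null ? "nothing" : "one credential"));

        if (found == 0) {
            System.err.println("no SAML 2 IdP signing credential published for " + idp);
            System.exit(1);
        }
    }
}
```

Run it twice against the same file and the second resolution is served from the resolver's cache; edit the file between runs of a long-lived process and, with an observable provider, the cache is cleared and the new keys are returned.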
Nested Class Summary

| Modifier | Class and Description |
|---|---|
| protected class | MetadataCredentialResolver.MetadataCacheKey: a class which serves as the key into the cache of credentials previously resolved. |
| protected class | MetadataCredentialResolver.MetadataProviderObserver: an observer that clears the credential cache if the underlying metadata changes. |

Constructor Summary

| Constructor and Description |
|---|
| MetadataCredentialResolver(MetadataProvider metadataProvider): constructor. |

Method Summary

| Modifier and Type | Method and Description |
|---|---|
| protected void | cacheCredential(MetadataCredentialResolver.MetadataCacheKey cacheKey, java.util.Collection<Credential> credentials): adds resolved credentials to the cache. |
| protected void | checkCriteriaRequirements(CredentialCriteriaSet criteriaSet): checks that all necessary credential criteria are available. |
| KeyInfoCredentialResolver | getKeyInfoCredentialResolver(): gets the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements. |
| protected java.util.List<RoleDescriptor> | getRoleDescriptors(java.lang.String entityID, javax.xml.namespace.QName role, java.lang.String protocol): gets the list of metadata role descriptors which match the given entityID, role and protocol. |
| protected boolean | matchUsage(UsageType metadataUsage, UsageType criteriaUsage): matches usage enum type values from a metadata KeyDescriptor and from the credential criteria. |
| protected java.lang.Iterable<Credential> | resolveFromSource(CredentialCriteriaSet criteriaSet): subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source. |
| protected java.util.Collection<Credential> | retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey): retrieves pre-resolved credentials from the cache. |
| protected java.util.Collection<Credential> | retrieveFromMetadata(java.lang.String entityID, javax.xml.namespace.QName role, java.lang.String protocol, UsageType usage): retrieves credentials from the provided metadata. |
| void | setKeyInfoCredentialResolver(KeyInfoCredentialResolver keyInfoResolver): sets the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements. |

Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver

isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies

Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver

resolveSingle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public MetadataCredentialResolver(MetadataProvider metadataProvider)

Constructor.

Parameters:
metadataProvider - provider of the metadata

Throws:
java.lang.IllegalArgumentException - thrown if the supplied provider is null

Method Detail

public KeyInfoCredentialResolver getKeyInfoCredentialResolver()

Get the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.

public void setKeyInfoCredentialResolver(KeyInfoCredentialResolver keyInfoResolver)

Set the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.

Parameters:
keyInfoResolver - the new KeyInfoCredentialResolver to use

protected java.lang.Iterable<Credential> resolveFromSource(CredentialCriteriaSet criteriaSet) throws SecurityException

Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.

Specified by:
resolveFromSource in class AbstractCriteriaFilteringCredentialResolver

Parameters:
criteriaSet - the set of credential criteria used to resolve credentials from the credential source

Throws:
SecurityException - thrown if there is an error resolving credentials from the credential source

protected void checkCriteriaRequirements(CredentialCriteriaSet criteriaSet)

Check that all necessary credential criteria are available.

Parameters:
criteriaSet - the criteria set to evaluate

protected java.util.Collection<Credential> retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey)

Retrieves pre-resolved credentials from the cache.

Parameters:
cacheKey - the key to the metadata cache

protected java.util.Collection<Credential> retrieveFromMetadata(java.lang.String entityID, javax.xml.namespace.QName role, java.lang.String protocol, UsageType usage) throws SecurityException

Retrieves credentials from the provided metadata.

Parameters:
entityID - entityID of the credential owner
role - role in which the entity is operating
protocol - protocol over which the entity is operating (may be null)
usage - intended usage of resolved credentials

Throws:
SecurityException - thrown if the key, certificate, or CRL information is represented in an unsupported format

protected boolean matchUsage(UsageType metadataUsage, UsageType criteriaUsage)

Match usage enum type values from a metadata KeyDescriptor and from the credential criteria.

Parameters:
metadataUsage - the value from the 'use' attribute of a metadata KeyDescriptor element
criteriaUsage - the value from the credential criteria

protected java.util.List<RoleDescriptor> getRoleDescriptors(java.lang.String entityID, javax.xml.namespace.QName role, java.lang.String protocol) throws SecurityException

Get the list of metadata role descriptors which match the given entityID, role and protocol.

Parameters:
entityID - entity ID of the credential owner
role - role in which the entity is operating
protocol - protocol over which the entity is operating (may be null)

Throws:
SecurityException - thrown if there is an error retrieving role descriptors from the metadata provider

protected void cacheCredential(MetadataCredentialResolver.MetadataCacheKey cacheKey, java.util.Collection<Credential> credentials)

Adds resolved credentials to the cache.

Parameters:
cacheKey - the key for caching the credentials
credentials - collection of credentials to cache