Package org.opensaml.security.credential

Interfaces and classes related to credentials and ways to represent them. Developers will generally create and populate CredentialResolvers during application initialization. CredentialCriteria can then be constructed to model the information the application has about a particular credential and provided to the CredentialResolver in order to retrieve the previously loaded credential information. Here are a couple of use cases where this approach might be used:
  • An application wishes to decrypt a message from one of many peers. The encrypted message contains a KeyInfo which itself contains the public key used to encrypt the data. The application can then use the public key to look up its corresponding private key and decrypt the message.
  • An application uses client-cert authentication via TLS when communicating with a peer. Upon receipt of the peer's certificate, the application uses the provided entity certificate to look up additional information associated with this credential, including CRLs, to determine whether the credential should be trusted. It then looks up its own credential for the given peer and uses it to authenticate. Once completed, the application stores the TLS session key in a CredentialResolver so that it may be used during encryption processing.
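The first use case above, as an added example that is not part of the OpenSAML documentation or code base: the application's own key pairs are loaded into a CollectionCredentialResolver at startup and later looked up by the public key carried in a peer's KeyInfo. Entity IDs are constructed sample values, and the imports assume OpenSAML 3.x/4.x package names (CriteriaSet moved to net.shibboleth.shared.resolver in OpenSAML 5).

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.List;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.security.criteria.PublicKeyCriterion;
import org.opensaml.security.criteria.UsageCriterion;

public class DecryptionKeyLookup {

    /** Initialization time: load this application's own key pairs, one per peer, into a resolver. */
    static CredentialResolver buildResolver(KeyPair forPeerA, KeyPair forPeerB) {
        BasicCredential a = new BasicCredential(forPeerA.getPublic(), forPeerA.getPrivate());
        a.setEntityId("https://peer-a.example.org"); // constructed sample entity ID
        a.setUsageType(UsageType.ENCRYPTION);
        BasicCredential b = new BasicCredential(forPeerB.getPublic(), forPeerB.getPrivate());
        b.setEntityId("https://peer-b.example.org"); // constructed sample entity ID
        b.setUsageType(UsageType.ENCRYPTION);
        return new CollectionCredentialResolver(List.of(a, b));
    }

    /** Message time: the peer's KeyInfo names the public key it encrypted to; find the matching private key. */
    static Credential findDecryptionCredential(CredentialResolver resolver, PublicKey fromKeyInfo)
            throws ResolverException {
        CriteriaSet criteria = new CriteriaSet(
                new PublicKeyCriterion(fromKeyInfo),       // match on the key named in KeyInfo
                new UsageCriterion(UsageType.ENCRYPTION)); // and only credentials meant for encryption
        Credential match = resolver.resolveSingle(criteria);
        if (match == null || match.getPrivateKey() == null) {
            throw new ResolverException("no decryption credential for the key named in KeyInfo");
        }
        return match;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        KeyPair b = gen.generateKeyPair();
        CredentialResolver resolver = buildResolver(a, b);
        Credential c = findDecryptionCredential(resolver, b.getPublic()); // simulates a KeyInfo naming peer B's key
        System.out.println("decrypt with the private key registered for " + c.getEntityId());
    }
}
```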