OpenSAML-J 2.4.1-redhat-3
java.lang.Object
  org.opensaml.xml.security.credential.AbstractCredentialResolver
    org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
      org.opensaml.security.MetadataCredentialResolver

public class MetadataCredentialResolver
extends org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
A credential resolver capable of resolving credentials from SAML 2 metadata.

The instance of CriteriaSet passed to AbstractCriteriaFilteringCredentialResolver.resolve(CriteriaSet) and AbstractCredentialResolver.resolveSingle(CriteriaSet) must minimally contain 2 criteria: EntityIDCriteria and MetadataCriteria. The values for EntityIDCriteria.getEntityID() and MetadataCriteria.getRole() are mandatory. If the protocol value obtained via MetadataCriteria.getProtocol() is not supplied, credentials will be resolved from all matching roles, regardless of protocol support. Specification of a UsageCriteria is optional. If usage criteria are absent from the criteria set, the effective value UsageType.UNSPECIFIED will be used for credential resolution.

This credential resolver caches the resolved credentials in a memory-sensitive cache. If the metadata provider is an ObservableMetadataProvider, this resolver will also clear its cache when the underlying metadata changes.
Nested Class Summary

| Modifier and Type | Class | Description |
|---|---|---|
| protected class | MetadataCredentialResolver.MetadataCacheKey | A class which serves as the key into the cache of credentials previously resolved. |
| protected class | MetadataCredentialResolver.MetadataProviderObserver | An observer that clears the credential cache if the underlying metadata changes. |
Constructor Summary

| Constructor | Description |
|---|---|
| MetadataCredentialResolver(MetadataProvider metadataProvider) | Constructor. |
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected void | cacheCredentials(MetadataCredentialResolver.MetadataCacheKey cacheKey, Collection<org.opensaml.xml.security.credential.Credential> credentials) | Adds resolved credentials to the cache. |
| protected void | checkCriteriaRequirements(org.opensaml.xml.security.CriteriaSet criteriaSet) | Check that all necessary credential criteria are available. |
| org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver | getKeyInfoCredentialResolver() | Get the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements. |
| protected ReadWriteLock | getReadWriteLock() | Get the lock instance used to synchronize access to the credential cache. |
| protected List<RoleDescriptor> | getRoleDescriptors(String entityID, QName role, String protocol) | Get the list of metadata role descriptors which match the given entityID, role and protocol. |
| protected boolean | matchUsage(org.opensaml.xml.security.credential.UsageType metadataUsage, org.opensaml.xml.security.credential.UsageType criteriaUsage) | Match usage enum type values from metadata KeyDescriptor and from credential criteria. |
| protected Iterable<org.opensaml.xml.security.credential.Credential> | resolveFromSource(org.opensaml.xml.security.CriteriaSet criteriaSet) | |
| protected Collection<org.opensaml.xml.security.credential.Credential> | retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey) | Retrieves pre-resolved credentials from the cache. |
| protected Collection<org.opensaml.xml.security.credential.Credential> | retrieveFromMetadata(String entityID, QName role, String protocol, org.opensaml.xml.security.credential.UsageType usage) | Retrieves credentials from the provided metadata. |
| void | setKeyInfoCredentialResolver(org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver keyInfoResolver) | Set the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements. |
Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies

Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver
resolveSingle

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public MetadataCredentialResolver(MetadataProvider metadataProvider)
Constructor.
Parameters:
metadataProvider - provider of the metadata
Throws:
IllegalArgumentException - thrown if the supplied provider is null

Method Detail

public org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver getKeyInfoCredentialResolver()
Get the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.

public void setKeyInfoCredentialResolver(org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver keyInfoResolver)
Set the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.
Parameters:
keyInfoResolver - the new KeyInfoCredentialResolver to use

protected ReadWriteLock getReadWriteLock()
Get the lock instance used to synchronize access to the credential cache.

protected Iterable<org.opensaml.xml.security.credential.Credential> resolveFromSource(org.opensaml.xml.security.CriteriaSet criteriaSet) throws org.opensaml.xml.security.SecurityException
Overrides:
resolveFromSource in class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
Throws:
org.opensaml.xml.security.SecurityException

protected void checkCriteriaRequirements(org.opensaml.xml.security.CriteriaSet criteriaSet)
Check that all necessary credential criteria are available.
Parameters:
criteriaSet - the credential set to evaluate

protected Collection<org.opensaml.xml.security.credential.Credential> retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey)
Retrieves pre-resolved credentials from the cache.
Parameters:
cacheKey - the key to the metadata cache

protected Collection<org.opensaml.xml.security.credential.Credential> retrieveFromMetadata(String entityID, QName role, String protocol, org.opensaml.xml.security.credential.UsageType usage) throws org.opensaml.xml.security.SecurityException
Retrieves credentials from the provided metadata.
Parameters:
entityID - entityID of the credential owner
role - role in which the entity is operating
protocol - protocol over which the entity is operating (may be null)
usage - intended usage of resolved credentials
Throws:
org.opensaml.xml.security.SecurityException - thrown if the key, certificate, or CRL information is represented in an unsupported format

protected boolean matchUsage(org.opensaml.xml.security.credential.UsageType metadataUsage, org.opensaml.xml.security.credential.UsageType criteriaUsage)
Match usage enum type values from metadata KeyDescriptor and from credential criteria.
Parameters:
metadataUsage - the value from the 'use' attribute of a metadata KeyDescriptor element
criteriaUsage - the value from credential criteria

protected List<RoleDescriptor> getRoleDescriptors(String entityID, QName role, String protocol) throws org.opensaml.xml.security.SecurityException
Get the list of metadata role descriptors which match the given entityID, role and protocol.
Parameters:
entityID - entity ID of the credential owner
role - role in which the entity is operating
protocol - protocol over which the entity is operating (may be null)
Throws:
org.opensaml.xml.security.SecurityException - thrown if there is an error retrieving role descriptors from the metadata provider

protected void cacheCredentials(MetadataCredentialResolver.MetadataCacheKey cacheKey, Collection<org.opensaml.xml.security.credential.Credential> credentials)
Adds resolved credentials to the cache.
Parameters:
cacheKey - the key for caching the credentials
credentials - collection of credentials to cache