public class MetadataCredentialResolver
extends org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver

The CriteriaSet passed to AbstractCriteriaFilteringCredentialResolver.resolve(CriteriaSet) and AbstractCredentialResolver.resolveSingle(CriteriaSet) must minimally contain 2 criteria: EntityIDCriteria and MetadataCriteria. The values for EntityIDCriteria.getEntityID() and MetadataCriteria.getRole() are mandatory. If the protocol value obtained via MetadataCriteria.getProtocol() is not supplied, credentials will be resolved from all matching roles, regardless of protocol support. Specification of a UsageCriteria is optional. If usage criteria are absent from the criteria set, the effective value UsageType.UNSPECIFIED will be used for credential resolution.
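
An added example (not part of the OpenSAML documentation or code base) of a criteria set that supplies both mandatory values and also pins the optional protocol and usage, as a relying party would when looking up an identity provider's signature-verification keys. The names IdpSigningKeyLookup and signingCredentials are hypothetical, and the package names of OpenSAML classes that this page does not qualify are those of OpenSAML 2.x.

```java
import java.util.ArrayList;
import java.util.List;

import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;

/** Hypothetical helper (not part of OpenSAML): looks up an IdP's signing keys. */
public final class IdpSigningKeyLookup {
    private final MetadataCredentialResolver resolver;

    public IdpSigningKeyLookup(MetadataProvider trustedMetadata) {
        // The constructor throws IllegalArgumentException if the provider is null.
        this.resolver = new MetadataCredentialResolver(trustedMetadata);
    }

    public List<Credential> signingCredentials(String idpEntityId) throws SecurityException {
        if (idpEntityId == null || idpEntityId.trim().length() == 0) {
            throw new IllegalArgumentException("entityID is mandatory");
        }
        CriteriaSet criteria = new CriteriaSet();
        // Mandatory: whose keys are wanted.
        criteria.add(new EntityIDCriteria(idpEntityId));
        // Mandatory role, plus the optional protocol. Passing the protocol keeps
        // keys from roles that do not support SAML 2.0 out of the result.
        criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
                SAMLConstants.SAML20P_NS));
        // Optional: without it the resolver uses UsageType.UNSPECIFIED.
        criteria.add(new UsageCriteria(UsageType.SIGNING));
        List<Credential> result = new ArrayList<Credential>();
        for (Credential credential : resolver.resolve(criteria)) {
            result.add(credential);
        }
        if (result.isEmpty()) {
            // Fail closed: no key in metadata means the signature cannot be trusted.
            throw new SecurityException("No signing credential for " + idpEntityId);
        }
        return result;
    }
}
```
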
This credential resolver will cache the resolved credentials in a memory-sensitive cache. If the metadata provider is an ObservableMetadataProvider, this resolver will also clear its cache when the underlying metadata changes.

Modifier and Type | Class and Description |
---|---|
protected class | MetadataCredentialResolver.MetadataCacheKey - A class which serves as the key into the cache of credentials previously resolved. |
protected class | MetadataCredentialResolver.MetadataProviderObserver - An observer that clears the credential cache if the underlying metadata changes. |

Constructor and Description |
---|
MetadataCredentialResolver(MetadataProvider metadataProvider) - Constructor. |

Modifier and Type | Method and Description |
---|---|
protected void | cacheCredentials(MetadataCredentialResolver.MetadataCacheKey cacheKey, Collection<org.opensaml.xml.security.credential.Credential> credentials) - Adds resolved credentials to the cache. |
protected void | checkCriteriaRequirements(org.opensaml.xml.security.CriteriaSet criteriaSet) - Check that all necessary credential criteria are available. |
org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver | getKeyInfoCredentialResolver() - Get the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements. |
protected ReadWriteLock | getReadWriteLock() - Get the lock instance used to synchronize access to the credential cache. |
protected List<RoleDescriptor> | getRoleDescriptors(String entityID, QName role, String protocol) - Get the list of metadata role descriptors which match the given entityID, role and protocol. |
protected boolean | matchUsage(org.opensaml.xml.security.credential.UsageType metadataUsage, org.opensaml.xml.security.credential.UsageType criteriaUsage) - Match usage enum type values from metadata KeyDescriptor and from credential criteria. |
protected Iterable<org.opensaml.xml.security.credential.Credential> | resolveFromSource(org.opensaml.xml.security.CriteriaSet criteriaSet) |
protected Collection<org.opensaml.xml.security.credential.Credential> | retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey) - Retrieves pre-resolved credentials from the cache. |
protected Collection<org.opensaml.xml.security.credential.Credential> | retrieveFromMetadata(String entityID, QName role, String protocol, org.opensaml.xml.security.credential.UsageType usage) - Retrieves credentials from the provided metadata. |
void | setKeyInfoCredentialResolver(org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver keyInfoResolver) - Set the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements. |

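Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver: isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies
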
public MetadataCredentialResolver(MetadataProvider metadataProvider)
metadataProvider - provider of the metadata
IllegalArgumentException - thrown if the supplied provider is null

public org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver getKeyInfoCredentialResolver()

public void setKeyInfoCredentialResolver(org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver keyInfoResolver)
keyInfoResolver - the new KeyInfoCredentialResolver to use

protected ReadWriteLock getReadWriteLock()

protected Iterable<org.opensaml.xml.security.credential.Credential> resolveFromSource(org.opensaml.xml.security.CriteriaSet criteriaSet) throws org.opensaml.xml.security.SecurityException
resolveFromSource in class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
org.opensaml.xml.security.SecurityException

protected void checkCriteriaRequirements(org.opensaml.xml.security.CriteriaSet criteriaSet)
criteriaSet - the credential set to evaluate

protected Collection<org.opensaml.xml.security.credential.Credential> retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey)
cacheKey - the key to the metadata cache

protected Collection<org.opensaml.xml.security.credential.Credential> retrieveFromMetadata(String entityID, QName role, String protocol, org.opensaml.xml.security.credential.UsageType usage) throws org.opensaml.xml.security.SecurityException
entityID - entityID of the credential owner
role - role in which the entity is operating
protocol - protocol over which the entity is operating (may be null)
usage - intended usage of resolved credentials
org.opensaml.xml.security.SecurityException - thrown if the key, certificate, or CRL information is represented in an unsupported format

protected boolean matchUsage(org.opensaml.xml.security.credential.UsageType metadataUsage, org.opensaml.xml.security.credential.UsageType criteriaUsage)
metadataUsage - the value from the 'use' attribute of a metadata KeyDescriptor element
criteriaUsage - the value from credential criteria

protected List<RoleDescriptor> getRoleDescriptors(String entityID, QName role, String protocol) throws org.opensaml.xml.security.SecurityException
entityID - entity ID of the credential owner
role - role in which the entity is operating
protocol - protocol over which the entity is operating (may be null)
org.opensaml.xml.security.SecurityException - thrown if there is an error retrieving role descriptors from the metadata provider

protected void cacheCredentials(MetadataCredentialResolver.MetadataCacheKey cacheKey, Collection<org.opensaml.xml.security.credential.Credential> credentials)
cacheKey - the key for caching the credentials
credentials - collection of credentials to cache

Copyright © 1999-2013. All Rights Reserved.