MetadataCredentialResolver (Red Hat JBoss Enterprise Application Platform 6.4.19.GA public API)

java.lang.Object
- org.opensaml.xml.security.credential.AbstractCredentialResolver
- - org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
  - - org.opensaml.security.MetadataCredentialResolver

All Implemented Interfaces:

CredentialResolver, Resolver<Credential,CriteriaSet>
```
public class MetadataCredentialResolver
extends AbstractCriteriaFilteringCredentialResolver
```
A credential resolver capable of resolving credentials from SAML 2 metadata; The instance of CriteriaSet passed to AbstractCriteriaFilteringCredentialResolver.resolve(CriteriaSet) and AbstractCredentialResolver.resolveSingle(CriteriaSet) must minimally contain 2 criteria: EntityIDCriteria and MetadataCriteria. The values for EntityIDCriteria.getEntityID() and MetadataCriteria.getRole() are mandatory. If the protocol value obtained via MetadataCriteria.getProtocol() is not supplied, credentials will be resolved from all matching roles, regardless of protocol support. Specification of a UsageCriteria is optional. If usage criteria is absent from the criteria set, the effective value UsageType.UNSPECIFIED will be used for credential resolution. This credential resolver will cache the resolved the credentials in a memory-sensitive cache. If the metadata provider is an ObservableMetadataProvider this resolver will also clear its cache when the underlying metadata changes.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`protected class`	`MetadataCredentialResolver.MetadataCacheKey` A class which serves as the key into the cache of credentials previously resolved.
`protected class`	`MetadataCredentialResolver.MetadataProviderObserver` An observer that clears the credential cache if the underlying metadata changes.

Constructor Summary

Constructors
Constructor and Description

MetadataCredentialResolver(MetadataProvider metadataProvider)
Constructor.

Constructors
Constructor and Description
`MetadataCredentialResolver(MetadataProvider metadataProvider)` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`cacheCredentials(MetadataCredentialResolver.MetadataCacheKey cacheKey, Collection<Credential> credentials)` Adds resolved credentials to the cache.
`protected void`	`checkCriteriaRequirements(CriteriaSet criteriaSet)` Check that all necessary credential criteria are available.
`KeyInfoCredentialResolver`	`getKeyInfoCredentialResolver()` Get the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.
`protected ReadWriteLock`	`getReadWriteLock()` Get the lock instance used to synchronize access to the credential cache.
`protected List<RoleDescriptor>`	`getRoleDescriptors(String entityID, QName role, String protocol)` Get the list of metadata role descriptors which match the given entityID, role and protocol.
`protected boolean`	`matchUsage(UsageType metadataUsage, UsageType criteriaUsage)` Match usage enum type values from metadata KeyDescriptor and from credential criteria.
`protected Iterable<Credential>`	`resolveFromSource(CriteriaSet criteriaSet)` Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.
`protected Collection<Credential>`	`retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey)` Retrieves pre-resolved credentials from the cache.
`protected Collection<Credential>`	`retrieveFromMetadata(String entityID, QName role, String protocol, UsageType usage)` Retrieves credentials from the provided metadata.
`void`	`setKeyInfoCredentialResolver(KeyInfoCredentialResolver keyInfoResolver)` Set the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.

Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies

Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver
resolveSingle

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - MetadataCredentialResolver
```
public MetadataCredentialResolver(MetadataProvider metadataProvider)
```
    Constructor.
    
    Parameters:
    metadataProvider - provider of the metadata
    
    Throws:
    
    IllegalArgumentException - thrown if the supplied provider is null
- Method Detail
  - getKeyInfoCredentialResolver
```
public KeyInfoCredentialResolver getKeyInfoCredentialResolver()
```
    Get the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.
    
    Returns:
    KeyInfo credential resolver
  - setKeyInfoCredentialResolver
```
public void setKeyInfoCredentialResolver(KeyInfoCredentialResolver keyInfoResolver)
```
    Set the KeyInfo credential resolver used by this metadata resolver to handle KeyInfo elements.
    
    Parameters:
    keyInfoResolver - the new KeyInfoCredentialResolver to use
  - getReadWriteLock
```
protected ReadWriteLock getReadWriteLock()
```
    Get the lock instance used to synchronize access to the credential cache.
    
    Returns:
    a read-write lock instance
  - resolveFromSource
```
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet)
                                          throws SecurityException
```
    Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.
    
    Specified by:
    
    resolveFromSource in class AbstractCriteriaFilteringCredentialResolver
    
    Parameters:
    criteriaSet - the set of criteria used to resolve credentials from the credential source
    
    Returns:
    an Iterable for the resolved set of credentials
    
    Throws:
    
    SecurityException - thrown if there is an error resolving credentials from the credential source
  - checkCriteriaRequirements
```
protected void checkCriteriaRequirements(CriteriaSet criteriaSet)
```
    Check that all necessary credential criteria are available.
    
    Parameters:
    criteriaSet - the credential set to evaluate
  - retrieveFromCache
```
protected Collection<Credential> retrieveFromCache(MetadataCredentialResolver.MetadataCacheKey cacheKey)
```
    Retrieves pre-resolved credentials from the cache.
    
    Parameters:
    cacheKey - the key to the metadata cache
    
    Returns:
    the collection of cached credentials or null
  - retrieveFromMetadata
```
protected Collection<Credential> retrieveFromMetadata(String entityID,
                                          QName role,
                                          String protocol,
                                          UsageType usage)
                                               throws SecurityException
```
    Retrieves credentials from the provided metadata.
    
    Parameters:
    entityID - entityID of the credential owner
    role - role in which the entity is operating
    protocol - protocol over which the entity is operating (may be null)
    usage - intended usage of resolved credentials
    
    Returns:
    the resolved credentials or null
    
    Throws:
    
    SecurityException - thrown if the key, certificate, or CRL information is represented in an unsupported format
  - matchUsage
```
protected boolean matchUsage(UsageType metadataUsage,
                 UsageType criteriaUsage)
```
    Match usage enum type values from metadata KeyDescriptor and from credential criteria.
    
    Parameters:
    metadataUsage - the value from the 'use' attribute of a metadata KeyDescriptor element
    criteriaUsage - the value from credential criteria
    
    Returns:
    true if the two usage specifiers match for purposes of resolving credentials, false otherwise
  - getRoleDescriptors
```
protected List<RoleDescriptor> getRoleDescriptors(String entityID,
                                      QName role,
                                      String protocol)
                                           throws SecurityException
```
    Get the list of metadata role descriptors which match the given entityID, role and protocol.
    
    Parameters:
    entityID - entity ID of the credential owner
    role - role in which the entity is operating
    protocol - protocol over which the entity is operating (may be null)
    
    Returns:
    a list of role descriptors matching the given parameters, or null
    
    Throws:
    
    SecurityException - thrown if there is an error retrieving role descriptors from the metadata provider
  - cacheCredentials
```
protected void cacheCredentials(MetadataCredentialResolver.MetadataCacheKey cacheKey,
                    Collection<Credential> credentials)
```
    Adds resolved credentials to the cache.
    
    Parameters:
    cacheKey - the key for caching the credentials
    credentials - collection of credentials to cache

Class MetadataCredentialResolver

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver

Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver

Methods inherited from class java.lang.Object

Constructor Detail

MetadataCredentialResolver

Method Detail

getKeyInfoCredentialResolver

setKeyInfoCredentialResolver

getReadWriteLock

resolveFromSource

checkCriteriaRequirements

retrieveFromCache

retrieveFromMetadata

matchUsage

getRoleDescriptors

cacheCredentials