org.opensaml.xml.security.keyinfo
Class CollectionKeyInfoCredentialResolver
java.lang.Object
org.opensaml.xml.security.credential.AbstractCredentialResolver
org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
org.opensaml.xml.security.credential.CollectionCredentialResolver
org.opensaml.xml.security.keyinfo.CollectionKeyInfoCredentialResolver
- All Implemented Interfaces:
- CredentialResolver, KeyInfoCredentialResolver, Resolver<Credential,CriteriaSet>
public class CollectionKeyInfoCredentialResolver
- extends CollectionCredentialResolver
- implements KeyInfoCredentialResolver
An implementation of KeyInfoCredentialResolver
which uses a Collection
as the
underlying credential source.
Like the
CollectionCredentialResolver
, credentials returned are filtered based on any
EvaluableCredentialCriteria
which may have been present in the specified criteria set, or
which are resolved by lookup in the EvaluableCredentialCriteriaRegistry
.
This implementation may be used to address use cases where use of a
KeyInfoCredentialResolver is required, but a KeyInfo element containing keys or other keying
material is not necessarily supplied or expected in an instance document and keys/credentials
are known in advance (e.g. validation keys belonging to a peer, decryption keys belonging to the caller).
In this use case, credentials are expected to be resolved from other contextual information,
including information possibly supplied as criteria to the resolver. Such credentials would be stored
in and returned from the Collection
managed by this resolver.
Note that a KeyInfo element
passed in a KeyInfoCriteria
in the criteria set is NOT
directly processed by this
implementation in any way as a source for extracting keys or other key-related material.
However, if the evaluable credential criteria registry described above were
for example to contain a mapping from KeyInfoCriteria to some type of EvaluableCredentialCriteria,
where the latter used KeyInfo-derived information as its basis for evaluation of a credential (e.g.
based on contents of a KeyName
or X509SubjectName
), then such KeyInfo-derived
evaluable criteria would be used to filter or select the specific credentials that would be returned
from the underlying credential collection of this resolver. Such KeyInfo-derived evaluable criteria
may also be specified directly in the criteria set, per the above.
This implementation might also be used at the end of a chain of KeyInfoCredentialResolvers in
order to supply a default, fallback set of credentials, if none could otherwise be resolved.
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
CollectionKeyInfoCredentialResolver
public CollectionKeyInfoCredentialResolver()
- Constructor.
An
ArrayList
is used as the underlying collection implementation.
CollectionKeyInfoCredentialResolver
public CollectionKeyInfoCredentialResolver(Collection<Credential> credentials)
- Constructor.
- Parameters:
credentials
- the credential collection which is the backing store for the resolver
Copyright © 2006-2011 Internet2. All Rights Reserved.