org.springframework.security.saml.trust
Class MetadataCredentialResolver

java.lang.Object
  org.opensaml.xml.security.credential.AbstractCredentialResolver
      org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
          org.opensaml.security.MetadataCredentialResolver
              org.springframework.security.saml.trust.MetadataCredentialResolver

All Implemented Interfaces:

org.opensaml.xml.security.credential.CredentialResolver, org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>

public class MetadataCredentialResolver
extends org.opensaml.security.MetadataCredentialResolver

Class customizes resolving from metadata by first using values present in the ExtenedeMetadata of an entity.

Author:

Vladimir Schafer

Nested Class Summary

Nested classes/interfaces inherited from class org.opensaml.security.MetadataCredentialResolver

org.opensaml.security.MetadataCredentialResolver.MetadataCacheKey, org.opensaml.security.MetadataCredentialResolver.MetadataProviderObserver

Field Summary

protected KeyManager	keyManager Key manager.
protected MetadataManager	manager Metadata manager.

Constructor Summary

MetadataCredentialResolver(MetadataManager metadataProvider, KeyManager keyManager)
Creates new resolver.

Method Summary

protected Collection<org.opensaml.xml.security.credential.Credential>

retrieveFromMetadata(String entityID, QName role, String protocol, org.opensaml.xml.security.credential.UsageType usage) Method tries to resolve all credentials for the given entityID.

Methods inherited from class org.opensaml.security.MetadataCredentialResolver

cacheCredentials, checkCriteriaRequirements, getKeyInfoCredentialResolver, getReadWriteLock, getRoleDescriptors, matchUsage, resolveFromSource, retrieveFromCache, setKeyInfoCredentialResolver

Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver

isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies

Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver

resolveSingle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

manager

protected MetadataManager manager

Metadata manager.

keyManager

protected KeyManager keyManager

Key manager.

Constructor Detail

MetadataCredentialResolver

public MetadataCredentialResolver(MetadataManager metadataProvider,
                                  KeyManager keyManager)

Creates new resolver.

Parameters:

metadataProvider - metadata resolver

keyManager - key manger

Method Detail

retrieveFromMetadata

protected Collection<org.opensaml.xml.security.credential.Credential> retrieveFromMetadata(String entityID,
                                                                                           QName role,
                                                                                           String protocol,
                                                                                           org.opensaml.xml.security.credential.UsageType usage)
                                                                                    throws org.opensaml.xml.security.SecurityException

Method tries to resolve all credentials for the given entityID. At first extendedMetadata for the entity is checked, in case any matching credentials are found there they are returned. Otherwise data stored in metadata is used.

Overrides:

retrieveFromMetadata in class org.opensaml.security.MetadataCredentialResolver

Parameters:

entityID - entity ID

role - role

protocol - protocol

usage - usage

Returns:

credentials usable for trust verification or decryption

Throws:

org.opensaml.xml.security.SecurityException - error