View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.credential;
18  
19  import java.util.HashSet;
20  import java.util.Set;
21  
22  import org.opensaml.xml.security.Criteria;
23  import org.opensaml.xml.security.CriteriaFilteringIterable;
24  import org.opensaml.xml.security.CriteriaFilteringIterator;
25  import org.opensaml.xml.security.CriteriaSet;
26  import org.opensaml.xml.security.EvaluableCriteria;
27  import org.opensaml.xml.security.SecurityException;
28  import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteria;
29  import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteriaRegistry;
30  
31  /**
32   * An abstract implementation of {@link CredentialResolver} which filters the returned Credentials
33   * based on the instances of {@link EvaluableCredentialCriteria} which are present in the set of
34   * criteria, or which are obtained via lookup in the {@link EvaluableCredentialCriteriaRegistry}.
35   */
36  public abstract class AbstractCriteriaFilteringCredentialResolver extends AbstractCredentialResolver {
37      
38      /** Flag to pass to CriteriaFilteringIterable constructor parameter 'meetAllCriteria'. */
39      private boolean meetAllCriteria;
40      
41      /** Flag to pass to CriteriaFilteringIterable constructor 'unevaluableSatisfies'. */
42      private boolean unevaluableSatisfies;
43      
44      /**
45       * Constructor.
46       *
47       */
48      public AbstractCriteriaFilteringCredentialResolver() {
49          super();
50          meetAllCriteria = true;
51          unevaluableSatisfies = true;
52      }
53  
54      /** {@inheritDoc} */
55      public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException {
56          Iterable<Credential> storeCandidates = resolveFromSource(criteriaSet);
57          Set<EvaluableCriteria<Credential>> evaluableCriteria = getEvaluableCriteria(criteriaSet);
58          if (evaluableCriteria.isEmpty()) {
59              return storeCandidates;
60          } else {
61              return new CriteriaFilteringIterable<Credential>(storeCandidates, evaluableCriteria, 
62                      meetAllCriteria, unevaluableSatisfies);
63          }
64      }
65      
66      /**
67       * Get whether all {@link EvaluableCredentialCriteria} must be met to return
68       * a credential, or only one or more evaluable criteria.
69       * 
70       * See also {@link CriteriaFilteringIterator}.
71       * 
72       * @return Returns the meetAllCriteria flag.
73       */
74      public boolean isMeetAllCriteria() {
75          return meetAllCriteria;
76      }
77  
78      /**
79       * Set whether all {@link EvaluableCredentialCriteria} must be met to return
80       * a credential, or only one or more evaluable criteria.
81       * 
82       * See also {@link CriteriaFilteringIterator}.
83       * 
84       * @param flag the new meetAllCriteria flag value.
85       */
86      public void setMeetAllCriteria(boolean flag) {
87          meetAllCriteria = flag;
88      }
89  
90      /**
91       * Get the flag which determines the processing behavior when 
92       * an {@link EvaluableCredentialCriteria} is unable to evaluate
93       * a Credential.
94       * 
95       * See also {@link CriteriaFilteringIterator}.
96       * 
97       * @return Returns the unevaluableSatisfies flag.
98       */
99      public boolean isUnevaluableSatisfies() {
100         return unevaluableSatisfies;
101     }
102 
103     /**
104      * Set the flag which determines the processing behavior when 
105      * an {@link EvaluableCredentialCriteria} is unable to evaluate
106      * a Credential.
107      * 
108      * See also {@link CriteriaFilteringIterator}.
109      * 
110      * @param flag the new unevaluableSatisfies flag value.
111      */
112     public void setUnevaluableSatisfies(boolean flag) {
113         unevaluableSatisfies = flag;
114     }
115 
116     /**
117      * Subclasses are required to implement this method to resolve credentials from the 
118      * implementation-specific type of underlying credential source.
119      * 
120      * @param criteriaSet the set of criteria used to resolve credentials from the credential source
121      * @return an Iterable for the resolved set of credentials
122      * @throws SecurityException thrown if there is an error resolving credentials from the credential source
123      */
124     protected abstract Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet)
125         throws SecurityException;
126 
127     /**
128      * Extract the evaluable credential criteria from the criteria set.
129      * 
130      * @param criteriaSet the set of credential criteria to process.
131      * @return a set of evaluable Credential criteria
132      * @throws SecurityException thrown if there is an error obtaining an instance of EvaluableCredentialCriteria
133      *                           from the EvaluableCredentialCriteriaRegistry
134      */
135     private Set<EvaluableCriteria<Credential>> getEvaluableCriteria(CriteriaSet criteriaSet) throws SecurityException {
136         Set<EvaluableCriteria<Credential>> evaluable = new HashSet<EvaluableCriteria<Credential>>(criteriaSet.size());
137         for (Criteria criteria : criteriaSet) {
138             if (criteria instanceof EvaluableCredentialCriteria) {
139                 evaluable.add((EvaluableCredentialCriteria) criteria);
140             } else {
141                 EvaluableCredentialCriteria evaluableCriteria = 
142                     EvaluableCredentialCriteriaRegistry.getEvaluator(criteria);
143                 if (evaluableCriteria != null) {
144                     evaluable.add(evaluableCriteria);
145                 }
146             }
147         }
148         return evaluable;
149     }
150 
151 }