1 /* 2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.] 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.opensaml.xml.security.credential; 18 19 import java.util.HashSet; 20 import java.util.Set; 21 22 import org.opensaml.xml.security.Criteria; 23 import org.opensaml.xml.security.CriteriaFilteringIterable; 24 import org.opensaml.xml.security.CriteriaFilteringIterator; 25 import org.opensaml.xml.security.CriteriaSet; 26 import org.opensaml.xml.security.EvaluableCriteria; 27 import org.opensaml.xml.security.SecurityException; 28 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteria; 29 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteriaRegistry; 30 31 /** 32 * An abstract implementation of {@link CredentialResolver} which filters the returned Credentials 33 * based on the instances of {@link EvaluableCredentialCriteria} which are present in the set of 34 * criteria, or which are obtained via lookup in the {@link EvaluableCredentialCriteriaRegistry}. 35 */ 36 public abstract class AbstractCriteriaFilteringCredentialResolver extends AbstractCredentialResolver { 37 38 /** Flag to pass to CriteriaFilteringIterable constructor parameter 'meetAllCriteria'. */ 39 private boolean meetAllCriteria; 40 41 /** Flag to pass to CriteriaFilteringIterable constructor 'unevaluableSatisfies'. */ 42 private boolean unevaluableSatisfies; 43 44 /** 45 * Constructor. 46 * 47 */ 48 public AbstractCriteriaFilteringCredentialResolver() { 49 super(); 50 meetAllCriteria = true; 51 unevaluableSatisfies = true; 52 } 53 54 /** {@inheritDoc} */ 55 public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException { 56 Iterable<Credential> storeCandidates = resolveFromSource(criteriaSet); 57 Set<EvaluableCriteria<Credential>> evaluableCriteria = getEvaluableCriteria(criteriaSet); 58 if (evaluableCriteria.isEmpty()) { 59 return storeCandidates; 60 } else { 61 return new CriteriaFilteringIterable<Credential>(storeCandidates, evaluableCriteria, 62 meetAllCriteria, unevaluableSatisfies); 63 } 64 } 65 66 /** 67 * Get whether all {@link EvaluableCredentialCriteria} must be met to return 68 * a credential, or only one or more evaluable criteria. 69 * 70 * See also {@link CriteriaFilteringIterator}. 71 * 72 * @return Returns the meetAllCriteria flag. 73 */ 74 public boolean isMeetAllCriteria() { 75 return meetAllCriteria; 76 } 77 78 /** 79 * Set whether all {@link EvaluableCredentialCriteria} must be met to return 80 * a credential, or only one or more evaluable criteria. 81 * 82 * See also {@link CriteriaFilteringIterator}. 83 * 84 * @param flag the new meetAllCriteria flag value. 85 */ 86 public void setMeetAllCriteria(boolean flag) { 87 meetAllCriteria = flag; 88 } 89 90 /** 91 * Get the flag which determines the processing behavior when 92 * an {@link EvaluableCredentialCriteria} is unable to evaluate 93 * a Credential. 94 * 95 * See also {@link CriteriaFilteringIterator}. 96 * 97 * @return Returns the unevaluableSatisfies flag. 98 */ 99 public boolean isUnevaluableSatisfies() { 100 return unevaluableSatisfies; 101 } 102 103 /** 104 * Set the flag which determines the processing behavior when 105 * an {@link EvaluableCredentialCriteria} is unable to evaluate 106 * a Credential. 107 * 108 * See also {@link CriteriaFilteringIterator}. 109 * 110 * @param flag the new unevaluableSatisfies flag value. 111 */ 112 public void setUnevaluableSatisfies(boolean flag) { 113 unevaluableSatisfies = flag; 114 } 115 116 /** 117 * Subclasses are required to implement this method to resolve credentials from the 118 * implementation-specific type of underlying credential source. 119 * 120 * @param criteriaSet the set of criteria used to resolve credentials from the credential source 121 * @return an Iterable for the resolved set of credentials 122 * @throws SecurityException thrown if there is an error resolving credentials from the credential source 123 */ 124 protected abstract Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) 125 throws SecurityException; 126 127 /** 128 * Extract the evaluable credential criteria from the criteria set. 129 * 130 * @param criteriaSet the set of credential criteria to process. 131 * @return a set of evaluable Credential criteria 132 * @throws SecurityException thrown if there is an error obtaining an instance of EvaluableCredentialCriteria 133 * from the EvaluableCredentialCriteriaRegistry 134 */ 135 private Set<EvaluableCriteria<Credential>> getEvaluableCriteria(CriteriaSet criteriaSet) throws SecurityException { 136 Set<EvaluableCriteria<Credential>> evaluable = new HashSet<EvaluableCriteria<Credential>>(criteriaSet.size()); 137 for (Criteria criteria : criteriaSet) { 138 if (criteria instanceof EvaluableCredentialCriteria) { 139 evaluable.add((EvaluableCredentialCriteria) criteria); 140 } else { 141 EvaluableCredentialCriteria evaluableCriteria = 142 EvaluableCredentialCriteriaRegistry.getEvaluator(criteria); 143 if (evaluableCriteria != null) { 144 evaluable.add(evaluableCriteria); 145 } 146 } 147 } 148 return evaluable; 149 } 150 151 }