1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.security.credential;
18
19 import java.util.HashSet;
20 import java.util.Set;
21
22 import org.opensaml.xml.security.Criteria;
23 import org.opensaml.xml.security.CriteriaFilteringIterable;
24 import org.opensaml.xml.security.CriteriaFilteringIterator;
25 import org.opensaml.xml.security.CriteriaSet;
26 import org.opensaml.xml.security.EvaluableCriteria;
27 import org.opensaml.xml.security.SecurityException;
28 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteria;
29 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteriaRegistry;
30
31 /**
32 * An abstract implementation of {@link CredentialResolver} which filters the returned Credentials
33 * based on the instances of {@link EvaluableCredentialCriteria} which are present in the set of
34 * criteria, or which are obtained via lookup in the {@link EvaluableCredentialCriteriaRegistry}.
35 */
36 public abstract class AbstractCriteriaFilteringCredentialResolver extends AbstractCredentialResolver {
37
38 /** Flag to pass to CriteriaFilteringIterable constructor parameter 'meetAllCriteria'. */
39 private boolean meetAllCriteria;
40
41 /** Flag to pass to CriteriaFilteringIterable constructor 'unevaluableSatisfies'. */
42 private boolean unevaluableSatisfies;
43
44 /**
45 * Constructor.
46 *
47 */
48 public AbstractCriteriaFilteringCredentialResolver() {
49 super();
50 meetAllCriteria = true;
51 unevaluableSatisfies = true;
52 }
53
54 /** {@inheritDoc} */
55 public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException {
56 Iterable<Credential> storeCandidates = resolveFromSource(criteriaSet);
57 Set<EvaluableCriteria<Credential>> evaluableCriteria = getEvaluableCriteria(criteriaSet);
58 if (evaluableCriteria.isEmpty()) {
59 return storeCandidates;
60 } else {
61 return new CriteriaFilteringIterable<Credential>(storeCandidates, evaluableCriteria,
62 meetAllCriteria, unevaluableSatisfies);
63 }
64 }
65
66 /**
67 * Get whether all {@link EvaluableCredentialCriteria} must be met to return
68 * a credential, or only one or more evaluable criteria.
69 *
70 * See also {@link CriteriaFilteringIterator}.
71 *
72 * @return Returns the meetAllCriteria flag.
73 */
74 public boolean isMeetAllCriteria() {
75 return meetAllCriteria;
76 }
77
78 /**
79 * Set whether all {@link EvaluableCredentialCriteria} must be met to return
80 * a credential, or only one or more evaluable criteria.
81 *
82 * See also {@link CriteriaFilteringIterator}.
83 *
84 * @param flag the new meetAllCriteria flag value.
85 */
86 public void setMeetAllCriteria(boolean flag) {
87 meetAllCriteria = flag;
88 }
89
90 /**
91 * Get the flag which determines the processing behavior when
92 * an {@link EvaluableCredentialCriteria} is unable to evaluate
93 * a Credential.
94 *
95 * See also {@link CriteriaFilteringIterator}.
96 *
97 * @return Returns the unevaluableSatisfies flag.
98 */
99 public boolean isUnevaluableSatisfies() {
100 return unevaluableSatisfies;
101 }
102
103 /**
104 * Set the flag which determines the processing behavior when
105 * an {@link EvaluableCredentialCriteria} is unable to evaluate
106 * a Credential.
107 *
108 * See also {@link CriteriaFilteringIterator}.
109 *
110 * @param flag the new unevaluableSatisfies flag value.
111 */
112 public void setUnevaluableSatisfies(boolean flag) {
113 unevaluableSatisfies = flag;
114 }
115
116 /**
117 * Subclasses are required to implement this method to resolve credentials from the
118 * implementation-specific type of underlying credential source.
119 *
120 * @param criteriaSet the set of criteria used to resolve credentials from the credential source
121 * @return an Iterable for the resolved set of credentials
122 * @throws SecurityException thrown if there is an error resolving credentials from the credential source
123 */
124 protected abstract Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet)
125 throws SecurityException;
126
127 /**
128 * Extract the evaluable credential criteria from the criteria set.
129 *
130 * @param criteriaSet the set of credential criteria to process.
131 * @return a set of evaluable Credential criteria
132 * @throws SecurityException thrown if there is an error obtaining an instance of EvaluableCredentialCriteria
133 * from the EvaluableCredentialCriteriaRegistry
134 */
135 private Set<EvaluableCriteria<Credential>> getEvaluableCriteria(CriteriaSet criteriaSet) throws SecurityException {
136 Set<EvaluableCriteria<Credential>> evaluable = new HashSet<EvaluableCriteria<Credential>>(criteriaSet.size());
137 for (Criteria criteria : criteriaSet) {
138 if (criteria instanceof EvaluableCredentialCriteria) {
139 evaluable.add((EvaluableCredentialCriteria) criteria);
140 } else {
141 EvaluableCredentialCriteria evaluableCriteria =
142 EvaluableCredentialCriteriaRegistry.getEvaluator(criteria);
143 if (evaluableCriteria != null) {
144 evaluable.add(evaluableCriteria);
145 }
146 }
147 }
148 return evaluable;
149 }
150
151 }