org.wildfly.security.credential.source

Interface CredentialSource

All Known Implementing Classes:

CallbackHandlerCredentialSource, CommandCredentialSource, CredentialStoreCredentialSource, FactoryCredentialSource, IdentityCredentials, KeyStoreCredentialSource, LocalKerberosCredentialSource, OAuth2CredentialSource

public interface CredentialSource

A source for credentials.

Author:

David M. Lloyd

Field Summary

Fields

Modifier and Type	Field and Description
static CredentialSource	NONE An empty credential source.

Method Summary

Modifier and Type	Method and Description
default <C extends Credential,R> R	applyToCredential(Class<C> credentialType, Function<C,R> function) Apply the given function to the acquired credential, if it is set and of the given type.
default <C extends Credential,R> R	applyToCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec, Function<C,R> function) Apply the given function to the acquired credential, if it is set and of the given type and algorithm with the given parameters.
default <C extends Credential,R> R	applyToCredential(Class<C> credentialType, String algorithmName, Function<C,R> function) Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
static CredentialSource	fromSecurityFactory(SecurityFactory<Credential> credentialFactory) Get a credential source from the given security factory.
default <C extends Credential> C	getCredential(Class<C> credentialType) Acquire a credential of the given type.
default <C extends Credential> C	getCredential(Class<C> credentialType, String algorithmName) Acquire a credential of the given type.
<C extends Credential> C	getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) Acquire a credential of the given type.
default SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType) Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
default SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
default CredentialSource	with(CredentialSource other) Aggregate this credential source with another.
default CredentialSource	without(Class<? extends Credential> credentialType) Get a derived credential source which excludes credentials of the given type.
default CredentialSource	without(Class<? extends Credential> credentialType, String algorithmName) Get a derived credential source which excludes credentials of the given type and optional algorithm.
default CredentialSource	without(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) Get a derived credential source which excludes credentials of the given type and optional algorithm.

Field Detail

NONE

static final CredentialSource NONE

An empty credential source.

Method Detail

getCredentialAcquireSupport

SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                         String algorithmName,
                                         AlgorithmParameterSpec parameterSpec)
                                  throws IOException

Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the level of support for this credential type (not null)

Throws:

IOException - if the credential source failed to determine the support level

getCredentialAcquireSupport

default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                                 String algorithmName)
                                          throws IOException

Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

Returns:

the level of support for this credential type (not null)

Throws:

IOException - if the credential source failed to determine the support level

getCredentialAcquireSupport

default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType)
                                          throws IOException

Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.

Parameters:

credentialType - the credential type class (must not be null)

Returns:

the level of support for this credential type (not null)

Throws:

IOException - if the credential source failed to determine the support level

getCredential

<C extends Credential> C getCredential(Class<C> credentialType,
                                       String algorithmName,
                                       AlgorithmParameterSpec parameterSpec)
                                throws IOException

Acquire a credential of the given type. The credential type is defined by its Class and an optional algorithmName. If the algorithm name is not given, then the query is performed for any algorithm of the given type.

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the credential, or null if the principal has no credential of that type

Throws:

IOException - if the realm is not able to handle requests for any reason

IllegalStateException - if no authentication has been initiated or authentication is already completed

getCredential

default <C extends Credential> C getCredential(Class<C> credentialType,
                                               String algorithmName)
                                        throws IOException

Acquire a credential of the given type. The credential type is defined by its Class and an optional algorithmName. If the algorithm name is not given, then the query is performed for any algorithm of the given type.

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

Returns:

the credential, or null if the principal has no credential of that type

Throws:

IOException - if the realm is not able to handle requests for any reason

IllegalStateException - if no authentication has been initiated or authentication is already completed

getCredential

default <C extends Credential> C getCredential(Class<C> credentialType)
                                        throws IOException

Acquire a credential of the given type. The credential type is defined by its Class and an optional algorithmName. If the algorithm name is not given, then the query is performed for any algorithm of the given type.

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

Returns:

the credential, or null if the principal has no credential of that type

Throws:

IOException - if the realm is not able to handle requests for any reason

IllegalStateException - if no authentication has been initiated or authentication is already completed

applyToCredential

default <C extends Credential,R> R applyToCredential(Class<C> credentialType,
                                                     Function<C,R> function)
                                              throws IOException

Apply the given function to the acquired credential, if it is set and of the given type.

Type Parameters:

C - the credential type

R - the return type

Parameters:

credentialType - the credential type class (must not be null)

function - the function to apply (must not be null)

Returns:

the result of the function, or null if the criteria are not met

Throws:

IOException - if the realm is not able to handle requests for any reason

IllegalStateException - if no authentication has been initiated or authentication is already completed

applyToCredential

default <C extends Credential,R> R applyToCredential(Class<C> credentialType,
                                                     String algorithmName,
                                                     Function<C,R> function)
                                              throws IOException

Apply the given function to the acquired credential, if it is set and of the given type and algorithm.

Type Parameters:

C - the credential type

R - the return type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name

function - the function to apply (must not be null)

Returns:

the result of the function, or null if the criteria are not met

Throws:

IOException - if the realm is not able to handle requests for any reason

IllegalStateException - if no authentication has been initiated or authentication is already completed

applyToCredential

default <C extends Credential,R> R applyToCredential(Class<C> credentialType,
                                                     String algorithmName,
                                                     AlgorithmParameterSpec parameterSpec,
                                                     Function<C,R> function)
                                              throws IOException

Apply the given function to the acquired credential, if it is set and of the given type and algorithm with the given parameters.

Type Parameters:

C - the credential type

R - the return type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name

parameterSpec - the parameter specification or null if any parameter specification is acceptable

function - the function to apply (must not be null)

Returns:

the result of the function, or null if the criteria are not met

Throws:

IOException - if the realm is not able to handle requests for any reason

IllegalStateException - if no authentication has been initiated or authentication is already completed

with

default CredentialSource with(CredentialSource other)

Aggregate this credential source with another.

Parameters:

other - the other credential source (must not be null)

Returns:

the aggregated credential source (not null)

without

default CredentialSource without(Class<? extends Credential> credentialType)

Get a derived credential source which excludes credentials of the given type.

Parameters:

credentialType - the credential type to exclude (must not be null)

Returns:

the derived credential source (not null)

without

default CredentialSource without(Class<? extends Credential> credentialType,
                                 String algorithmName)

Get a derived credential source which excludes credentials of the given type and optional algorithm.

Parameters:

credentialType - the credential type to exclude (must not be null)

algorithmName - the algorithm name to exclude, or null to exclude all algorithms (or for credential types which do not use algorithms)

Returns:

the derived credential source (not null)

without

default CredentialSource without(Class<? extends Credential> credentialType,
                                 String algorithmName,
                                 AlgorithmParameterSpec parameterSpec)

Get a derived credential source which excludes credentials of the given type and optional algorithm.

Parameters:

credentialType - the credential type to exclude (must not be null)

algorithmName - the algorithm name to exclude, or null to exclude all algorithms (or for credential types which do not use algorithms)

parameterSpec - the parameter specification or null if any parameter specification is acceptable

Returns:

the derived credential source (not null)

fromSecurityFactory

static CredentialSource fromSecurityFactory(SecurityFactory<Credential> credentialFactory)

Get a credential source from the given security factory. The factory is queried on each request. If the value should be cached after the first request, use OneTimeSecurityFactory.

Parameters:

credentialFactory - the credential factory (must not be null)

Returns:

the credential source (not null)