Package org.wildfly.security.credential.source

Interface CredentialSource

All Known Implementing Classes:
IdentityCredentials
public interface CredentialSource
A source for credentials.
Author:
David M. Lloyd

  • Field Details

  • Method Details

    • getCredentialAcquireSupport

      SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException
      Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
      Returns:
      the level of support for this credential type (not null)
      Throws:
      IOException - if the credential source failed to determine the support level

    • getCredentialAcquireSupport

      default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) throws IOException
      Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      Returns:
      the level of support for this credential type (not null)
      Throws:
      IOException - if the credential source failed to determine the support level

    • getCredentialAcquireSupport

      default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType) throws IOException
      Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
      Parameters:
      credentialType - the credential type class (must not be null)
      Returns:
      the level of support for this credential type (not null)
      Throws:
      IOException - if the credential source failed to determine the support level

    • getCredential

      <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException
      Acquire a credential of the given type. The credential type is defined by its Class and an optional algorithmName. If the algorithm name is not given, then the query is performed for any algorithm of the given type.
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
      Returns:
      the credential, or null if the principal has no credential of that type
      Throws:
      IOException - if the realm is not able to handle requests for any reason
      IllegalStateException - if no authentication has been initiated or authentication is already completed

    • getCredential

      default <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) throws IOException
      Acquire a credential of the given type. The credential type is defined by its Class and an optional algorithmName. If the algorithm name is not given, then the query is performed for any algorithm of the given type.
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      Returns:
      the credential, or null if the principal has no credential of that type
      Throws:
      IOException - if the realm is not able to handle requests for any reason
      IllegalStateException - if no authentication has been initiated or authentication is already completed

    • getCredential

      default <C extends Credential> C getCredential(Class<C> credentialType) throws IOException
      Acquire a credential of the given type. The credential type is defined by its Class and an optional algorithmName. If the algorithm name is not given, then the query is performed for any algorithm of the given type.
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class (must not be null)
      Returns:
      the credential, or null if the principal has no credential of that type
      Throws:
      IOException - if the realm is not able to handle requests for any reason
      IllegalStateException - if no authentication has been initiated or authentication is already completed

    • applyToCredential

      default <C extends Credential, R> R applyToCredential(Class<C> credentialType, Function<C,R> function) throws IOException
      Apply the given function to the acquired credential, if it is set and of the given type.
      Type Parameters:
      C - the credential type
      R - the return type
      Parameters:
      credentialType - the credential type class (must not be null)
      function - the function to apply (must not be null)
      Returns:
      the result of the function, or null if the criteria are not met
      Throws:
      IOException - if the realm is not able to handle requests for any reason
      IllegalStateException - if no authentication has been initiated or authentication is already completed

    • applyToCredential

      default <C extends Credential, R> R applyToCredential(Class<C> credentialType, String algorithmName, Function<C,R> function) throws IOException
      Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
      Type Parameters:
      C - the credential type
      R - the return type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name
      function - the function to apply (must not be null)
      Returns:
      the result of the function, or null if the criteria are not met
      Throws:
      IOException - if the realm is not able to handle requests for any reason
      IllegalStateException - if no authentication has been initiated or authentication is already completed

    • applyToCredential

      default <C extends Credential, R> R applyToCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec, Function<C,R> function) throws IOException
      Apply the given function to the acquired credential, if it is set and of the given type and algorithm with the given parameters.
      Type Parameters:
      C - the credential type
      R - the return type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name
      parameterSpec - the parameter specification or null if any parameter specification is acceptable
      function - the function to apply (must not be null)
      Returns:
      the result of the function, or null if the criteria are not met
      Throws:
      IOException - if the realm is not able to handle requests for any reason
      IllegalStateException - if no authentication has been initiated or authentication is already completed

    • with

      default CredentialSource with(CredentialSource other)
      Aggregate this credential source with another.
      Parameters:
      other - the other credential source (must not be null)
      Returns:
      the aggregated credential source (not null)

    • without

      default CredentialSource without(Class<? extends Credential> credentialType)
      Get a derived credential source which excludes credentials of the given type.
      Parameters:
      credentialType - the credential type to exclude (must not be null)
      Returns:
      the derived credential source (not null)

    • without

      default CredentialSource without(Class<? extends Credential> credentialType, String algorithmName)
      Get a derived credential source which excludes credentials of the given type and optional algorithm.
      Parameters:
      credentialType - the credential type to exclude (must not be null)
      algorithmName - the algorithm name to exclude, or null to exclude all algorithms (or for credential types which do not use algorithms)
      Returns:
      the derived credential source (not null)

    • without

      default CredentialSource without(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
      Get a derived credential source which excludes credentials of the given type and optional algorithm.
      Parameters:
      credentialType - the credential type to exclude (must not be null)
      algorithmName - the algorithm name to exclude, or null to exclude all algorithms (or for credential types which do not use algorithms)
      parameterSpec - the parameter specification or null if any parameter specification is acceptable
      Returns:
      the derived credential source (not null)

    • fromSecurityFactory

      static CredentialSource fromSecurityFactory(SecurityFactory<? extends Credential> credentialFactory)
      Get a credential source from the given security factory. The factory is queried on each request. If the value should be cached after the first request, use OneTimeSecurityFactory.
      Parameters:
      credentialFactory - the credential factory (must not be null)
      Returns:
      the credential source (not null)