All Known Subinterfaces:

CredentialPersister

All Known Implementing Classes:

OtpCredentialLoader, UserPasswordCredentialLoader
```
interface CredentialLoader
```
Within LDAP credentials could be stored in different ways, splitting out a CredentialLoader allows different strategies to be plugged into the realm. This interface allows for general checks to be made on the supported credential types and also enables the realm to obtain an identity specific IdentityCredentialLoader.

Author:

Darran Lofthouse

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method	Description
`default void`	`addBinaryIdentityAttributes(Collection<String> attributes)`	Construct set of LDAP attributes, which should be loaded as binary data.
`default void`	`addRequiredIdentityAttributes(Collection<String> attributes)`	Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
`IdentityCredentialLoader`	`forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes)`	Obtain an `IdentityCredentialLoader` to query the credentials for a specific identity.
`default IdentityCredentialLoader`	`forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes, Encoding hashEncoding)`	Obtain an `IdentityCredentialLoader` to query the credentials for a specific identity.
`SupportLevel`	`getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)`	Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.

- Method Detail
  - getCredentialAcquireSupport
```
SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                         String algorithmName,
                                         AlgorithmParameterSpec parameterSpec)
                                  throws RealmUnavailableException
```
    Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.
    A DirContextFactory is made available if the directory server is going to be queried but most likely this call will need to be generic as querying a whole directory is not realistic.
    Note: The DirContextFactory approach will be evolved further for better referral support so it makes it easier for it to be passed in for each call.
    
    Parameters:
    
    credentialType - the credential type (must not be null)
    
    algorithmName - the credential algorithm name
    
    parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
    
    Returns:
    
    the level of support for this credential type
    
    Throws:
    
    RealmUnavailableException
  - forIdentity
```
IdentityCredentialLoader forIdentity(DirContext dirContext,
                                     String distinguishedName,
                                     Attributes attributes)
                              throws RealmUnavailableException
```
    Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
    Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName
    
    Parameters:
    
    dirContext - the DirContext to use to connect to LDAP.
    
    distinguishedName - the distinguished name of the identity.
    
    attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection)
    
    Returns:
    
    An IdentityCredentialLoader for the specified identity identified by their distinguished name.
    
    Throws:
    
    RealmUnavailableException
  - forIdentity
```
default IdentityCredentialLoader forIdentity(DirContext dirContext,
                                             String distinguishedName,
                                             Attributes attributes,
                                             Encoding hashEncoding)
                                      throws RealmUnavailableException
```
    Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
    Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName
    
    Parameters:
    
    dirContext - the DirContext to use to connect to LDAP.
    
    distinguishedName - the distinguished name of the identity.
    
    attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection)
    
    hashEncoding - specifies the string format for the hashed password
    
    Returns:
    
    An IdentityCredentialLoader for the specified identity identified by their distinguished name.
    
    Throws:
    
    RealmUnavailableException
  - addRequiredIdentityAttributes
```
default void addRequiredIdentityAttributes(Collection<String> attributes)
```
    Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
    
    Parameters:
    
    attributes - output collection of attributes names, into which should be added
  - addBinaryIdentityAttributes
```
default void addBinaryIdentityAttributes(Collection<String> attributes)
```
    Construct set of LDAP attributes, which should be loaded as binary data. Should be subset of addRequiredIdentityAttributes(java.util.Collection<java.lang.String>) output.
    
    Parameters:
    
    attributes - output collection of attributes names, into which should be added

Interface CredentialLoader

Method Summary

Method Detail

getCredentialAcquireSupport

forIdentity

forIdentity

addRequiredIdentityAttributes

addBinaryIdentityAttributes