public abstract class AbstractDynamicHTTPMetadataResolver extends AbstractDynamicMetadataResolver
Modifier and Type | Class and Description |
---|---|
class |
AbstractDynamicHTTPMetadataResolver.BasicMetadataResponseHandler
Basic HttpClient response handler for processing metadata fetch requests.
|
AbstractDynamicMetadataResolver.BackingStoreCleanupSweeper, AbstractDynamicMetadataResolver.DefaultCacheKeyGenerator, AbstractDynamicMetadataResolver.DynamicEntityBackingStore, AbstractDynamicMetadataResolver.EntityManagementData, AbstractDynamicMetadataResolver.PersistentCacheInitializationMetrics
AbstractMetadataResolver.EntityBackingStore
Modifier and Type | Field and Description |
---|---|
private org.apache.http.client.CredentialsProvider |
credentialsProvider
Deprecated.
|
static String[] |
DEFAULT_CONTENT_TYPES
Default list of supported content MIME types.
|
private org.apache.http.client.HttpClient |
httpClient
HTTP Client used to pull the metadata.
|
private org.opensaml.security.httpclient.HttpClientSecurityParameters |
httpClientSecurityParameters
Optional HttpClient security parameters.
|
private org.slf4j.Logger |
log
Class logger.
|
static String |
MDC_ATTRIB_CURRENT_REQUEST_URI
MDC attribute representing the current request URI.
|
private org.apache.http.client.ResponseHandler<org.opensaml.core.xml.XMLObject> |
responseHandler
HttpClient ResponseHandler instance to use.
|
private List<String> |
supportedContentTypes
List of supported MIME types for use in Accept request header and validation of
response Content-Type header.
|
private String |
supportedContentTypesValue
Generated Accept request header value.
|
private Set<com.google.common.net.MediaType> |
supportedMediaTypes
Supported
MediaType instances, constructed from the supportedContentTypes list. |
private org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> |
tlsTrustEngine
Deprecated.
|
METRIC_GAUGE_NUM_LIVE_ENTITYIDS, METRIC_GAUGE_PERSISTENT_CACHE_INIT, METRIC_RATIOGAUGE_FETCH_TO_RESOLVE, METRIC_TIMER_FETCH_FROM_ORIGIN_SOURCE, METRIC_TIMER_RESOLVE
Constructor and Description |
---|
AbstractDynamicHTTPMetadataResolver(org.apache.http.client.HttpClient client)
Constructor.
|
AbstractDynamicHTTPMetadataResolver(Timer backgroundTaskTimer,
org.apache.http.client.HttpClient client)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected org.apache.http.client.protocol.HttpClientContext |
buildHttpClientContext()
Deprecated.
|
protected org.apache.http.client.protocol.HttpClientContext |
buildHttpClientContext(org.apache.http.client.methods.HttpUriRequest request)
Build the
HttpClientContext instance which will be used to invoke the HttpClient request. |
protected org.apache.http.client.methods.HttpUriRequest |
buildHttpRequest(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Build an appropriate instance of
HttpUriRequest based on the input criteria set. |
protected abstract String |
buildRequestURL(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Build the request URL based on the input criteria set.
|
protected void |
checkTLSCredentialTrusted(org.apache.http.client.protocol.HttpClientContext context,
org.apache.http.client.methods.HttpUriRequest request)
Deprecated.
use
HttpClientSecuritySupport.checkTLSCredentialEvaluated(HttpClientContext, String) |
protected void |
doDestroy() |
protected org.opensaml.core.xml.XMLObject |
fetchFromOriginSource(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Fetch the metadata from the origin source.
|
protected org.opensaml.security.httpclient.HttpClientSecurityParameters |
getHttpClientSecurityParameters()
Get the instance of
HttpClientSecurityParameters which provides various parameters to influence
the security behavior of the HttpClient instance. |
List<String> |
getSupportedContentTypes()
Get the list of supported MIME types for use in Accept request header and validation of
response Content-Type header.
|
protected Set<com.google.common.net.MediaType> |
getSupportedMediaTypes()
Get the list of supported MIME
MediaType instances used in validation of
the response Content-Type header. |
protected void |
initMetadataResolver()
Subclasses should override this method to perform any initialization logic necessary.
|
void |
setBasicCredentials(org.apache.http.auth.UsernamePasswordCredentials credentials)
Deprecated.
|
void |
setBasicCredentialsWithScope(org.apache.http.auth.UsernamePasswordCredentials credentials,
org.apache.http.auth.AuthScope scope)
Deprecated.
|
void |
setCredentialsProvider(org.apache.http.client.CredentialsProvider provider)
Deprecated.
|
void |
setHttpClientSecurityParameters(org.opensaml.security.httpclient.HttpClientSecurityParameters params)
Set an instance of
HttpClientSecurityParameters which provides various parameters to influence
the security behavior of the HttpClient instance. |
void |
setSupportedContentTypes(List<String> types)
Set the list of supported MIME types for use in Accept request header and validation of
response Content-Type header.
|
void |
setTLSTrustEngine(org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> engine)
Deprecated.
|
computeExpirationTime, computeRefreshTriggerTime, createNewBackingStore, getBackgroundInitializationFromCacheDelay, getBackingStore, getCleanupTaskInterval, getInitializationFromCachePredicate, getMaxCacheDuration, getMaxIdleEntityData, getMetricsBaseName, getMinCacheDuration, getPersistentCacheKeyGenerator, getPersistentCacheManager, getRefreshDelayFactor, initializeFromPersistentCache, isInitializeFromPersistentCacheInBackground, isPersistentCachingEnabled, isRemoveIdleEntityData, lookupEntityID, prepareForFiltering, preProcessEntityDescriptor, processNewMetadata, processNewMetadata, processPersistentCacheEntry, removeByEntityID, resolve, resolveFromOriginSource, setBackgroundInitializationFromCacheDelay, setCleanupTaskInterval, setInitializationFromCachePredicate, setInitializeFromPersistentCacheInBackground, setMaxCacheDuration, setMaxIdleEntityData, setMetricsBaseName, setMinCacheDuration, setPersistentCacheKeyGenerator, setPersistentCacheManager, setRefreshDelayFactor, setRemoveIdleEntityData, shouldAttemptRefresh
doInitialize, filterMetadata, getCriterionPredicateRegistry, getLogPrefix, getMetadataFilter, getParserPool, getUnmarshallerFactory, indexEntityDescriptor, isFailFastInitialization, isRequireValidMetadata, isSatisfyAnyPredicates, isUseDefaultPredicateRegistry, isValid, lookupIndexedEntityID, predicateFilterCandidates, preProcessEntitiesDescriptor, releaseMetadataDOM, resolveSingle, setBackingStore, setCriterionPredicateRegistry, setFailFastInitialization, setMetadataFilter, setParserPool, setRequireValidMetadata, setSatisfyAnyPredicates, setUseDefaultPredicateRegistry, unmarshallMetadata
setId
getId
destroy, initialize, isDestroyed, isInitialized
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getMetadataFilter, isRequireValidMetadata, setMetadataFilter, setRequireValidMetadata
public static final String[] DEFAULT_CONTENT_TYPES
public static final String MDC_ATTRIB_CURRENT_REQUEST_URI
ResponseHandler
.@Nonnull private final org.slf4j.Logger log
@Nonnull private org.apache.http.client.HttpClient httpClient
@NonnullAfterInit private List<String> supportedContentTypes
@NonnullAfterInit private String supportedContentTypesValue
@NonnullAfterInit private Set<com.google.common.net.MediaType> supportedMediaTypes
MediaType
instances, constructed from the supportedContentTypes
list.@Nonnull private org.apache.http.client.ResponseHandler<org.opensaml.core.xml.XMLObject> responseHandler
@Nullable private org.apache.http.client.CredentialsProvider credentialsProvider
httpClientSecurityParameters
.@Nullable private org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> tlsTrustEngine
httpClientSecurityParameters
.@Nullable private org.opensaml.security.httpclient.HttpClientSecurityParameters httpClientSecurityParameters
public AbstractDynamicHTTPMetadataResolver(@Nonnull org.apache.http.client.HttpClient client)
client
- the instance of HttpClient
used to fetch remote metadatapublic AbstractDynamicHTTPMetadataResolver(@Nullable Timer backgroundTaskTimer, @Nonnull org.apache.http.client.HttpClient client)
backgroundTaskTimer
- the Timer
instance used to run resolver background managment tasksclient
- the instance of HttpClient
used to fetch remote metadatapublic void setTLSTrustEngine(@Nullable org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> engine)
setHttpClientSecurityParameters(HttpClientSecurityParameters)
See TLS socket factory requirements documented for
setHttpClientSecurityParameters(HttpClientSecurityParameters)
.
engine
- the trust engine instance to usepublic void setCredentialsProvider(@Nullable org.apache.http.client.CredentialsProvider provider)
setHttpClientSecurityParameters(HttpClientSecurityParameters)
CredentialsProvider
used for authentication by the HttpClient instance.provider
- the credentials providerpublic void setBasicCredentials(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials)
setHttpClientSecurityParameters(HttpClientSecurityParameters)
An AuthScope
will be generated which specifies any host, port, scheme and realm.
To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead
provide an instance of CredentialsProvider
via setCredentialsProvider(CredentialsProvider)
.
credentials
- the username and password credentialspublic void setBasicCredentialsWithScope(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials, @Nullable org.apache.http.auth.AuthScope scope)
setHttpClientSecurityParameters(HttpClientSecurityParameters)
If the authScope
is null, an AuthScope
will be generated which specifies
any host, port, scheme and realm.
To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead
provide an instance of CredentialsProvider
via setCredentialsProvider(CredentialsProvider)
.
credentials
- the username and password credentialsscope
- the HTTP client auth scope with which to scope the credentials, may be null@Nullable protected org.opensaml.security.httpclient.HttpClientSecurityParameters getHttpClientSecurityParameters()
HttpClientSecurityParameters
which provides various parameters to influence
the security behavior of the HttpClient instance.public void setHttpClientSecurityParameters(@Nullable org.opensaml.security.httpclient.HttpClientSecurityParameters params)
HttpClientSecurityParameters
which provides various parameters to influence
the security behavior of the HttpClient instance.
For all TLS-related parameters, must be used in conjunction with an HttpClient instance which is configured with either a:
net.shibboleth.utilities.java.support.httpclient.TLSSocketFactory
SecurityEnhancedTLSSocketFactory
which wraps
an instance of net.shibboleth.utilities.java.support.httpclient.TLSSocketFactory
, with
the latter likely configured in a "no trust" configuration. This variant is required if either a
trust engine or a client TLS credential is to be used.
net.shibboleth.utilities.java.support.httpclient.TLSSocketFactory
,
see net.shibboleth.utilities.java.support.httpclient.HttpClientSupport
.
ResolverException
will ultimately be thrown.
params
- the security parameters@NonnullAfterInit @NotLive @Unmodifiable protected Set<com.google.common.net.MediaType> getSupportedMediaTypes()
MediaType
instances used in validation of
the response Content-Type header.
Is generated at init time from getSupportedContentTypes()
.
@NonnullAfterInit @NotLive @Unmodifiable public List<String> getSupportedContentTypes()
public void setSupportedContentTypes(@Nullable List<String> types)
types
- the new supported content types to setprotected void initMetadataResolver() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
initMetadataResolver
in class AbstractDynamicMetadataResolver
net.shibboleth.utilities.java.support.component.ComponentInitializationException
- thrown if there is a problem initializing the providerprotected void doDestroy()
doDestroy
in class AbstractDynamicMetadataResolver
@Nullable protected org.opensaml.core.xml.XMLObject fetchFromOriginSource(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws IOException
fetchFromOriginSource
in class AbstractDynamicMetadataResolver
criteria
- the input criteria setIOException
- if there is a fatal error fetching metadata from the origin source@Deprecated protected void checkTLSCredentialTrusted(org.apache.http.client.protocol.HttpClientContext context, org.apache.http.client.methods.HttpUriRequest request) throws SSLPeerUnverifiedException
HttpClientSecuritySupport.checkTLSCredentialEvaluated(HttpClientContext, String)
context
- the current HTTP context instance in userequest
- the HTTP URI requestSSLPeerUnverifiedException
- thrown if the TLS credential was not actually evaluated by the trust engine@Nullable protected org.apache.http.client.methods.HttpUriRequest buildHttpRequest(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
HttpUriRequest
based on the input criteria set.criteria
- the input criteria set@Nullable protected abstract String buildRequestURL(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
criteria
- the input criteria setprotected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext()
buildHttpClientContext(HttpUriRequest)
HttpClientContext
instance which will be used to invoke the HttpClient
request.HttpClientContext
protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext(@Nullable org.apache.http.client.methods.HttpUriRequest request)
HttpClientContext
instance which will be used to invoke the HttpClient
request.request
- the current HTTP requestHttpClientContext
Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.