Class HTTPMetadataResolver
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
      - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
        - org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
          - org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver
            - org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver
              - org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver
- All Implemented Interfaces: Iterable<EntityDescriptor>, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent, Resolver<EntityDescriptor,CriteriaSet>, IterableMetadataSource, BatchMetadataResolver, MetadataResolver, RefreshableMetadataResolver
- Direct Known Subclasses: FileBackedHTTPMetadataResolver
public class HTTPMetadataResolver extends AbstractReloadingMetadataResolver
A metadata provider that pulls metadata using an HTTP GET. Metadata is cached until one of these criteria is met:
- The smallest cacheDuration within the metadata is exceeded
- The earliest validUntil time within the metadata is exceeded
- The maximum cache duration is exceeded
AbstractInitializableComponent.initialize(), if any properties of this provider are changed.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver
AbstractBatchMetadataResolver.BatchEntityBackingStore
-
Nested classes/interfaces inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
AbstractMetadataResolver.EntityBackingStore
-
-
Field Summary
Fields:
- private String cachedMetadataETag - The ETag provided when the currently cached metadata was fetched.
- private String cachedMetadataLastModified - The Last-Modified information provided when the currently cached metadata was fetched.
- private org.apache.http.client.HttpClient httpClient - HTTP Client used to pull the metadata.
- private HttpClientSecurityParameters httpClientSecurityParameters - Optional HttpClient security parameters.
- private org.slf4j.Logger log - Class logger.
- private URI metadataURI - URL to the Metadata.
-
Constructor Summary
Constructors:
- HTTPMetadataResolver(Timer backgroundTaskTimer, org.apache.http.client.HttpClient client, String metadataURL) - Constructor.
- HTTPMetadataResolver(org.apache.http.client.HttpClient client, String metadataURL) - Constructor.
-
Method Summary
Methods:
- protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext(org.apache.http.client.methods.HttpUriRequest request) - Build the HttpClientContext instance which will be used to invoke the HttpClient request.
- protected org.apache.http.client.methods.HttpGet buildHttpGet() - Builds the HttpGet instance used to fetch the metadata.
- protected void doDestroy()
- protected byte[] fetchMetadata() - Gets the metadata document from the remote server.
- protected HttpClientSecurityParameters getHttpClientSecurityParameters() - Get the instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.
- protected byte[] getMetadataBytesFromResponse(org.apache.http.HttpResponse response) - Extracts the raw metadata bytes from the response, taking into account possible deflate and GZip compression.
- protected String getMetadataIdentifier() - Gets an identifier which may be used to distinguish this metadata in logging statements.
- String getMetadataURI() - Gets the URL to fetch the metadata.
- protected void processConditionalRetrievalHeaders(org.apache.http.HttpResponse response) - Records the ETag and Last-Modified headers from the response, if they are present.
- void setHttpClientSecurityParameters(HttpClientSecurityParameters params) - Set an instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.
-
Methods inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver
computeNextRefreshDelay, getExpirationTime, getExpirationWarningThreshold, getLastFailureCause, getLastRefresh, getLastSuccessfulRefresh, getLastUpdate, getMaxRefreshDelay, getMinRefreshDelay, getNextRefresh, getRefreshDelayFactor, initMetadataResolver, inputstreamToByteArray, postProcessMetadata, processCachedMetadata, processNewMetadata, processNonExpiredMetadata, processPreExpiredMetadata, refresh, setCacheSourceMetadata, setExpirationWarningThreshold, setMaxRefreshDelay, setMinRefreshDelay, setRefreshDelayFactor, unmarshallMetadata, wasLastRefreshSuccess
-
Methods inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver
createNewBackingStore, getBackingStore, getCachedFilteredMetadata, getCachedOriginalMetadata, getIndexes, getRootValidUntil, indexEntityDescriptor, isCacheSourceMetadata, isResolveViaPredicatesOnly, isRootValid, iterator, lookupByIndexes, preProcessNewMetadata, resolve, setIndexes, setResolveViaPredicatesOnly
-
Methods inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
doInitialize, filterMetadata, getCriterionPredicateRegistry, getLogPrefix, getMetadataFilter, getParserPool, getUnmarshallerFactory, isFailFastInitialization, isRequireValidMetadata, isSatisfyAnyPredicates, isUseDefaultPredicateRegistry, isValid, lookupEntityID, lookupIndexedEntityID, newFilterContext, predicateFilterCandidates, preProcessEntitiesDescriptor, preProcessEntityDescriptor, releaseMetadataDOM, removeByEntityID, resolveSingle, setBackingStore, setCriterionPredicateRegistry, setFailFastInitialization, setMetadataFilter, setParserPool, setRequireValidMetadata, setSatisfyAnyPredicates, setUseDefaultPredicateRegistry, unmarshallMetadata
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
getId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
-
Methods inherited from interface java.lang.Iterable
forEach, spliterator
-
Methods inherited from interface org.opensaml.saml.metadata.resolver.MetadataResolver
getMetadataFilter, isRequireValidMetadata, setMetadataFilter, setRequireValidMetadata
-
Methods inherited from interface net.shibboleth.utilities.java.support.resolver.Resolver
resolve, resolveSingle
-
-
-
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
httpClient
private org.apache.http.client.HttpClient httpClient
HTTP Client used to pull the metadata.
-
metadataURI
private URI metadataURI
URL to the Metadata.
-
cachedMetadataETag
private String cachedMetadataETag
The ETag provided when the currently cached metadata was fetched.
-
cachedMetadataLastModified
private String cachedMetadataLastModified
The Last-Modified information provided when the currently cached metadata was fetched.
-
httpClientSecurityParameters
@Nullable private HttpClientSecurityParameters httpClientSecurityParameters
Optional HttpClient security parameters.
-
-
Constructor Detail
-
HTTPMetadataResolver
public HTTPMetadataResolver(org.apache.http.client.HttpClient client, String metadataURL) throws ResolverException
Constructor.
- Parameters:
client - HTTP client used to pull in remote metadata
metadataURL - URL to the remote metadata
- Throws:
ResolverException - thrown if the HTTP client is null or the metadata URL provided is invalid
-
HTTPMetadataResolver
public HTTPMetadataResolver(Timer backgroundTaskTimer, org.apache.http.client.HttpClient client, String metadataURL) throws ResolverException
Constructor.
- Parameters:
backgroundTaskTimer - timer used to schedule background metadata refresh tasks
client - HTTP client used to pull in remote metadata
metadataURL - URL to the remote metadata
- Throws:
ResolverException - thrown if the HTTP client is null or the metadata URL provided is invalid
-
-
Method Detail
-
getMetadataURI
public String getMetadataURI()
Gets the URL to fetch the metadata.
- Returns: the URL to fetch the metadata
-
getHttpClientSecurityParameters
@Nullable protected HttpClientSecurityParameters getHttpClientSecurityParameters()
Get the instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.
- Returns: the parameters instance, or null
-
setHttpClientSecurityParameters
public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters params)
Set an instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.
For all TLS-related parameters, this must be used in conjunction with an HttpClient instance which is configured with either:
- a TLSSocketFactory
- a SecurityEnhancedTLSSocketFactory which wraps an instance of TLSSocketFactory, with the latter likely configured in a "no trust" configuration. This variant is required if either a trust engine or a client TLS credential is to be used.
For convenience methods for building a TLSSocketFactory, see HttpClientSupport.
If the appropriate TLS socket factory is not configured and a trust engine is specified, then this will result in no TLS trust evaluation being performed and a ResolverException will ultimately be thrown.
- Parameters:
params - the security parameters
-
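The wiring described for setHttpClientSecurityParameters, as an added example that is not part of the OpenSAML documentation or source: a resolver whose TLS server trust is decided by a trust engine, using the SecurityEnhancedTLSSocketFactory variant. The class name TrustEngineMetadataResolverFactory and its build method are hypothetical; HttpClientBuilder, HttpClientSupport.buildNoTrustTLSSocketFactory(), the single-argument SecurityEnhancedTLSSocketFactory constructor, setTLSTrustEngine and the import packages are assumed from OpenSAML and java-support 4.x and do not appear on this page.

```java
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.httpclient.HttpClientSupport;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.apache.http.client.HttpClient;
import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.impl.SecurityEnhancedTLSSocketFactory;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;

/** Hypothetical helper (added example): builds an HTTPMetadataResolver with trust-engine TLS. */
public final class TrustEngineMetadataResolverFactory {

    private TrustEngineMetadataResolverFactory() { }

    public static HTTPMetadataResolver build(String id, String metadataUrl,
            TrustEngine<? super X509Credential> tlsTrustEngine, ParserPool parserPool)
            throws Exception {
        // The inner factory is the "no trust" TLSSocketFactory: it does no certificate
        // validation itself. The wrapper is what applies the trust engine, so the
        // client must be built with the wrapper, not the bare inner factory.
        SecurityEnhancedTLSSocketFactory socketFactory =
                new SecurityEnhancedTLSSocketFactory(
                        HttpClientSupport.buildNoTrustTLSSocketFactory());

        HttpClientBuilder clientBuilder = new HttpClientBuilder();
        clientBuilder.setTLSSocketFactory(socketFactory);
        HttpClient client = clientBuilder.buildClient();

        // The trust engine travels with the resolver, not with the HttpClient.
        HttpClientSecurityParameters params = new HttpClientSecurityParameters();
        params.setTLSTrustEngine(tlsTrustEngine);

        HTTPMetadataResolver resolver = new HTTPMetadataResolver(client, metadataUrl);
        resolver.setId(id);
        resolver.setParserPool(parserPool);
        resolver.setHttpClientSecurityParameters(params);
        // Reject expired metadata and surface fetch or trust failures at startup.
        resolver.setRequireValidMetadata(true);
        resolver.setFailFastInitialization(true);
        resolver.initialize();
        return resolver;
    }
}
```

If the client were instead built with a plain TLSSocketFactory while a trust engine is set, the page states that no TLS trust evaluation is performed and the fetch ends in a ResolverException, so a failed refresh after this kind of configuration change is worth checking against the socket factory wiring first.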
-
doDestroy
protected void doDestroy()
- Overrides: doDestroy in class AbstractReloadingMetadataResolver
-
getMetadataIdentifier
protected String getMetadataIdentifier()
Gets an identifier which may be used to distinguish this metadata in logging statements.
- Specified by: getMetadataIdentifier in class AbstractReloadingMetadataResolver
- Returns: identifier which may be used to distinguish this metadata in logging statements
-
fetchMetadata
protected byte[] fetchMetadata() throws ResolverException
Gets the metadata document from the remote server.
- Specified by: fetchMetadata in class AbstractReloadingMetadataResolver
- Returns: the metadata from remote server, or null if the metadata document has not changed since the last retrieval
- Throws:
ResolverException - thrown if there is a problem retrieving the metadata from the remote server
-
buildHttpGet
protected org.apache.http.client.methods.HttpGet buildHttpGet()
Builds the HttpGet instance used to fetch the metadata. The returned method advertises support for GZIP and deflate compression, enables conditional GETs if the cached metadata came with either an ETag or Last-Modified information, and sets up basic authentication if such is configured.
- Returns: the constructed HttpGet instance
-
buildHttpClientContext
protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext(@Nonnull org.apache.http.client.methods.HttpUriRequest request)
Build the HttpClientContext instance which will be used to invoke the HttpClient request.
- Parameters:
request - the current HTTP request
- Returns: a new instance of HttpClientContext
-
processConditionalRetrievalHeaders
protected void processConditionalRetrievalHeaders(org.apache.http.HttpResponse response)
Records the ETag and Last-Modified headers from the response, if they are present.
- Parameters:
response - GetMethod containing a valid HTTP response
-
getMetadataBytesFromResponse
protected byte[] getMetadataBytesFromResponse(org.apache.http.HttpResponse response) throws ResolverException
Extracts the raw metadata bytes from the response, taking into account possible deflate and GZip compression.
- Parameters:
response - GetMethod containing a valid HTTP response
- Returns: the raw metadata bytes
- Throws:
ResolverException - thrown if there is a problem getting the raw metadata bytes from the response
-
-