public class MetadataManager extends org.opensaml.saml2.metadata.provider.ChainingMetadataProvider implements ExtendedMetadataProvider, org.springframework.beans.factory.InitializingBean, org.springframework.beans.factory.DisposableBean
The class is synchronized using an internal ReentrantReadWriteLock.
All metadata providers are kept in two groups: available providers, which contain all the ones users have registered, and active providers, those which passed validation (signature filtering and initialization). Only active providers are consulted for lookups, and the list of active providers is rebuilt during each refresh.
Modifier and Type | Field and Description |
---|---|
protected KeyManager | keyManager |
protected org.slf4j.Logger | log |
Constructor and Description |
---|
MetadataManager(List<org.opensaml.saml2.metadata.provider.MetadataProvider> providers): Creates new metadata manager, automatically registers itself for notifications from metadata changes and calls reload upon a change. |
Modifier and Type | Method and Description |
---|---|
void | addMetadataProvider(org.opensaml.saml2.metadata.provider.MetadataProvider newProvider): Adds a new metadata provider to the managed list. |
void | afterPropertiesSet(): Method must be called after provider construction. |
void | destroy(): Stops and removes the timer in case it was started. |
List<ExtendedMetadataDelegate> | getAvailableProviders(): Method provides list of all available providers. |
ExtendedMetadata | getDefaultExtendedMetadata() |
String | getDefaultIDP(): Returns entity ID of the IDP to be used by default. |
org.opensaml.saml2.metadata.EntityDescriptor | getEntityDescriptor(byte[] hash): Locates entity descriptor whose entityId SHA-1 hash equals the one in the parameter. |
String | getEntityIdForAlias(String entityAlias): Tries to load entityId for entity with the given alias. |
ExtendedMetadata | getExtendedMetadata(String entityID): Tries to locate ExtendedMetadata by trying one provider after another. |
String | getHostedSPName(): The method returns entity ID of the SP running this application. |
Set<String> | getIDPEntityNames(): Returns set of entity names of all IDPs available in the metadata. |
protected org.opensaml.xml.security.x509.PKIXValidationInformationResolver | getPKIXResolver(org.opensaml.saml2.metadata.provider.MetadataProvider provider, Set<String> trustedKeys, Set<String> trustedNames): Method is expected to construct information resolver with all trusted data available for the given provider. |
List<org.opensaml.saml2.metadata.provider.MetadataProvider> | getProviders(): Method provides list of active providers, those which are valid and can be queried for metadata. |
Set<String> | getSPEntityNames(): Returns set of entity names of all SPs available in the metadata. |
protected org.opensaml.xml.signature.SignatureTrustEngine | getTrustEngine(org.opensaml.saml2.metadata.provider.MetadataProvider provider): Method is expected to create a trust engine used to verify signatures from this provider. |
protected void | initializeProvider(ExtendedMetadataDelegate provider): Method is expected to make sure that the provider is properly initialized. |
protected void | initializeProviderData(ExtendedMetadataDelegate provider): Method populates local storage of IDP and SP names and verifies any name conflicts which might arise. |
protected void | initializeProviderFilters(ExtendedMetadataDelegate provider): Method is automatically called during each attempt to initialize the provider data. |
boolean | isIDPValid(String idpID) |
boolean | isRefreshRequired(): Flag indicating whether configuration of the metadata should be reloaded. |
boolean | isSPValid(String spID) |
protected List<String> | parseProvider(org.opensaml.saml2.metadata.provider.MetadataProvider provider): Parses the provider and returns list of entityIDs contained inside the provider. |
void | refreshMetadata(): Method can be repeatedly called to browse all configured providers and load SP and IDP names which are supported by them. |
void | removeMetadataProvider(org.opensaml.saml2.metadata.provider.MetadataProvider provider): Removes existing metadata provider from the availability list. |
void | setDefaultExtendedMetadata(ExtendedMetadata defaultExtendedMetadata): Sets default extended metadata to be used in case no entity-specific one is available. |
void | setDefaultIDP(String defaultIDP): Sets entity ID of the IDP to be used as default. |
void | setHostedSPName(String hostedSPName): Sets entity ID of the SP hosted on this machine. |
void | setKeyManager(KeyManager keyManager) |
void | setProviders(List<org.opensaml.saml2.metadata.provider.MetadataProvider> newProviders) |
void | setRefreshCheckInterval(long refreshCheckInterval): Interval in milliseconds used for re-verification of metadata and their reload. |
void | setRefreshRequired(boolean refreshRequired): Indicates that the metadata should be reloaded as the provider configuration has changed. |
void | setTLSConfigurer(TLSProtocolConfigurer configurer) |
Methods inherited from class org.opensaml.saml2.metadata.provider.ChainingMetadataProvider: doAddMetadataProvider, emitChangeEvent, getEntitiesDescriptor, getEntityDescriptor, getMetadata, getMetadataFilter, getObservers, getRole, getRole, setMetadataFilter, setRequireValidMetadata
Fields inherited from the superclass: requireValidMetadata
Field Detail

protected final org.slf4j.Logger log

protected KeyManager keyManager

Constructor Detail

public MetadataManager(List<org.opensaml.saml2.metadata.provider.MetadataProvider> providers) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Creates new metadata manager, automatically registers itself for notifications from metadata changes and calls reload upon a change. It is mandatory that method afterPropertiesSet is called after the construction.
Parameters:
providers - providers to include, mustn't be null or empty
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - error during initialization

Method Detail

public final void afterPropertiesSet() throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Method must be called after provider construction.
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - error

public void destroy()
Stops and removes the timer in case it was started.
Specified by:
destroy in interface org.springframework.beans.factory.DisposableBean
Overrides:
destroy in class org.opensaml.saml2.metadata.provider.ChainingMetadataProvider

public void setProviders(List<org.opensaml.saml2.metadata.provider.MetadataProvider> newProviders) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Overrides:
setProviders in class org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException

public void refreshMetadata()
Method can be repeatedly called to browse all configured providers and load SP and IDP names which are supported by them.

public void addMetadataProvider(org.opensaml.saml2.metadata.provider.MetadataProvider newProvider) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Adds a new metadata provider to the managed list. Unless the provider already extends class ExtendedMetadataDelegate it will be automatically wrapped in it as part of the addition.
Overrides:
addMetadataProvider in class org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
Parameters:
newProvider - provider
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case provider can't be added

public void removeMetadataProvider(org.opensaml.saml2.metadata.provider.MetadataProvider provider)
Removes existing metadata provider from the availability list.
Overrides:
removeMetadataProvider in class org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
Parameters:
provider - provider to remove

public List<org.opensaml.saml2.metadata.provider.MetadataProvider> getProviders()
Method provides list of active providers, those which are valid and can be queried for metadata.
Overrides:
getProviders in class org.opensaml.saml2.metadata.provider.ChainingMetadataProvider

public List<ExtendedMetadataDelegate> getAvailableProviders()
Method provides list of all available providers.
protected void initializeProvider(ExtendedMetadataDelegate provider) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Method is expected to make sure that the provider is properly initialized.
Parameters:
provider - provider to initialize
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - error

protected void initializeProviderData(ExtendedMetadataDelegate provider) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Method populates local storage of IDP and SP names and verifies any name conflicts which might arise.
Parameters:
provider - provider to initialize
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - error

protected void initializeProviderFilters(ExtendedMetadataDelegate provider) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Method is automatically called during each attempt to initialize the provider data. Each provider must extend AbstractMetadataProvider or be of ExtendedMetadataDelegate type. By default a SignatureValidationFilter is added together with any existing filters, so metadata whose signature cannot be verified by the trust engine from getTrustEngine is rejected and the provider does not become active.
Parameters:
provider - provider to check
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case initialization fails

protected org.opensaml.xml.signature.SignatureTrustEngine getTrustEngine(org.opensaml.saml2.metadata.provider.MetadataProvider provider)
Method is expected to create a trust engine used to verify signatures from this provider.
Parameters:
provider - provider to create engine for

protected org.opensaml.xml.security.x509.PKIXValidationInformationResolver getPKIXResolver(org.opensaml.saml2.metadata.provider.MetadataProvider provider, Set<String> trustedKeys, Set<String> trustedNames)
Method is expected to construct information resolver with all trusted data available for the given provider.
Parameters:
provider - provider
trustedKeys - trusted keys for the provider
trustedNames - trusted names for the provider (always null)

protected List<String> parseProvider(org.opensaml.saml2.metadata.provider.MetadataProvider provider) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Parses the provider and returns list of entityIDs contained inside the provider.
Parameters:
provider - provider to parse
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - error

public Set<String> getIDPEntityNames()
Returns set of entity names of all IDPs available in the metadata.

public Set<String> getSPEntityNames()
Returns set of entity names of all SPs available in the metadata.
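The lifecycle described above (construct with providers, set the KeyManager, call afterPropertiesSet, let initializeProviderFilters install the signature filter) is easier to get right when seen end to end. The following is an added example written for this page, not code from Spring Security SAML itself. It wires a remote IDP provider whose metadata must be signed by a pinned certificate and a local SP provider read from disk. The URL, file paths, key store password and the key aliases sp-key and idp-metadata-signer are assumptions; the OpenSAML and Spring SAML classes and methods are real.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Timer;

import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataManager;

/** Builds a MetadataManager whose remote IDP metadata must carry a signature from a pinned key. */
public final class MetadataManagerSetup {

    // Assumed values for this example; replace with your deployment's.
    static final String IDP_METADATA_URL = "https://idp.example.org/metadata.xml";
    static final File SP_METADATA_FILE = new File("/etc/saml/sp-metadata.xml");
    static final String SP_ENTITY_ID = "https://sp.example.org/saml/metadata";
    static final String KEYSTORE_PATH = "/etc/saml/saml.jks";
    static final String SP_KEY_ALIAS = "sp-key";                  // our signing/decryption key
    static final String IDP_SIGNER_ALIAS = "idp-metadata-signer"; // certificate that signs the IDP metadata

    public static MetadataManager build() throws Exception {
        Map<String, String> keyPasswords = new HashMap<String, String>();
        keyPasswords.put(SP_KEY_ALIAS, "changeit");
        KeyManager keyManager = new JKSKeyManager(
                new FileSystemResource(KEYSTORE_PATH), "changeit", keyPasswords, SP_KEY_ALIAS);

        StaticBasicParserPool parserPool = new StaticBasicParserPool();
        parserPool.initialize();
        Timer backgroundTimer = new Timer("saml-metadata", true);

        // Remote IDP metadata. initializeProviderFilters installs a SignatureValidationFilter for this
        // delegate because trust check is on; requiring a signature rejects unsigned documents outright,
        // and the trusted key set pins which certificate in the key store may produce that signature.
        HTTPMetadataProvider idpSource = new HTTPMetadataProvider(backgroundTimer, new HttpClient(), IDP_METADATA_URL);
        idpSource.setParserPool(parserPool);
        idpSource.setRequireValidMetadata(true); // ignore descriptors past their validUntil
        ExtendedMetadataDelegate idp = new ExtendedMetadataDelegate(idpSource, new ExtendedMetadata());
        idp.setMetadataTrustCheck(true);
        idp.setMetadataRequireSignature(true);
        idp.setMetadataTrustedKeys(Collections.singleton(IDP_SIGNER_ALIAS));

        // Local SP metadata generated by us and read from disk: mark it local and name the keys it uses.
        FilesystemMetadataProvider spSource = new FilesystemMetadataProvider(SP_METADATA_FILE);
        spSource.setParserPool(parserPool);
        ExtendedMetadata spExtended = new ExtendedMetadata();
        spExtended.setLocal(true);
        spExtended.setAlias("default");
        spExtended.setSigningKey(SP_KEY_ALIAS);
        spExtended.setEncryptionKey(SP_KEY_ALIAS);
        ExtendedMetadataDelegate sp = new ExtendedMetadataDelegate(spSource, spExtended);
        sp.setMetadataTrustCheck(false); // a file we wrote ourselves; there is no third-party signature to verify

        List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
        providers.add(idp);
        providers.add(sp);

        MetadataManager manager = new MetadataManager(providers);
        manager.setKeyManager(keyManager);        // used by the trust engine; must be set before afterPropertiesSet
        manager.setHostedSPName(SP_ENTITY_ID);
        manager.setRefreshCheckInterval(60000L);  // only honoured when set before afterPropertiesSet
        manager.afterPropertiesSet();             // initializes providers and filters, starts the refresh timer

        // A provider that failed signature validation is left out of the active set, so an empty
        // IDP list here means the metadata was rejected, not that it was silently trusted.
        if (manager.getIDPEntityNames().isEmpty()) {
            manager.destroy();
            throw new IllegalStateException("no IDP passed metadata validation; see the refreshMetadata() log");
        }
        return manager;
    }
}
```

Two points worth keeping in mind: turning the trust check off on a delegate means no signature filter is installed for that provider, so reserve it for metadata you produce yourself; and because the manager owns a timer, call destroy() on shutdown (Spring does this for you when the manager is a bean, since it implements DisposableBean).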
public boolean isIDPValid(String idpID)
Parameters:
idpID - entity ID of IDP to check

public boolean isSPValid(String spID)
Parameters:
spID - entity ID of SP to check

public String getHostedSPName()
The method returns entity ID of the SP running this application.

public void setHostedSPName(String hostedSPName)
Sets entity ID of the SP hosted on this machine.
Parameters:
hostedSPName - entity ID of the metadata describing the SP hosted on this machine

public String getDefaultIDP() throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Returns entity ID of the IDP to be used by default.
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case IDP can't be determined

public void setDefaultIDP(String defaultIDP)
Sets entity ID of the IDP to be used as default.
Parameters:
defaultIDP - IDP to set as default

public ExtendedMetadata getExtendedMetadata(String entityID) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Tries to locate ExtendedMetadata by trying one provider after another. In case none of the providers can supply the extended version, the default is used. A copy of the internal representation is always returned; modifying the returned object will not be reflected in subsequent calls.
Specified by:
getExtendedMetadata in interface ExtendedMetadataProvider
Parameters:
entityID - entity ID to load extended metadata for
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - never thrown

public org.opensaml.saml2.metadata.EntityDescriptor getEntityDescriptor(byte[] hash) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Locates entity descriptor whose entityId SHA-1 hash equals the one in the parameter.
Parameters:
hash - SHA-1 hash of the entityId of the entity descriptor
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case metadata required for processing can't be loaded

public String getEntityIdForAlias(String entityAlias) throws org.opensaml.saml2.metadata.provider.MetadataProviderException
Tries to load entityId for entity with the given alias.
Parameters:
entityAlias - alias to locate id for
Throws:
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case two entities have the same non-null alias

public ExtendedMetadata getDefaultExtendedMetadata()

public void setDefaultExtendedMetadata(ExtendedMetadata defaultExtendedMetadata)
Sets default extended metadata to be used in case no entity-specific one is available.
Parameters:
defaultExtendedMetadata - metadata, RuntimeException when null

public boolean isRefreshRequired()
Flag indicating whether configuration of the metadata should be reloaded.

public void setRefreshRequired(boolean refreshRequired)
Indicates that the metadata should be reloaded as the provider configuration has changed.
Parameters:
refreshRequired - true if refresh is required

public void setRefreshCheckInterval(long refreshCheckInterval)
Interval in milliseconds used for re-verification of metadata and their reload. In case the value is smaller than zero the timer is not created. The default value is 10000L.
The value can only be modified before the call to afterPropertiesSet; changes made after that are not applied.
Parameters:
refreshCheckInterval - interval in milliseconds; the timer is not created for values smaller than zero

@Autowired
public void setKeyManager(KeyManager keyManager)

@Autowired(required=false)
public void setTLSConfigurer(TLSProtocolConfigurer configurer)
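The lookup methods above each carry a guarantee that is easy to miss: isIDPValid and getIDPEntityNames only see entities from providers that passed validation, getEntityDescriptor(byte[]) matches on the SHA-1 of the entityId (which is exactly how a SAML 2.0 type 0x0004 artifact's SourceID identifies its issuer), and getExtendedMetadata hands back a copy. The following is an added example written for this page, not code from Spring Security SAML, showing how a caller uses those guarantees against an already initialized MetadataManager. The method names on MetadataManager, EntityDescriptor and ExtendedMetadata are real; the helper names and the idea of an explicitly requested IDP are this example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.MetadataManager;

/** Lookups against an initialized MetadataManager, and what each one does or does not guarantee. */
public final class MetadataManagerQueries {

    /** SHA-1 of the entityID bytes: the SourceID form carried by SAML 2.0 type 0x0004 artifacts. */
    public static byte[] entityIdHash(String entityId) {
        try {
            return MessageDigest.getInstance("SHA-1").digest(entityId.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    /** Resolves an artifact SourceID to an entity descriptor, or null when no active provider knows it. */
    public static EntityDescriptor resolveSourceId(MetadataManager manager, byte[] sourceId)
            throws MetadataProviderException {
        EntityDescriptor descriptor = manager.getEntityDescriptor(sourceId);
        if (descriptor == null) {
            return null;
        }
        // The manager matched on the hash; confirm the descriptor it returned really hashes to it.
        if (!MessageDigest.isEqual(sourceId, entityIdHash(descriptor.getEntityID()))) {
            throw new IllegalStateException(descriptor.getEntityID() + " does not match the SourceID");
        }
        return descriptor;
    }

    /** Picks the IDP for a login: the requested one if it is valid, otherwise the configured default. */
    public static String chooseIdp(MetadataManager manager, String requestedIdp) throws MetadataProviderException {
        if (requestedIdp != null) {
            // Only IDPs from providers that passed validation count. An unknown value is either a
            // misconfiguration or a tampered request parameter; never fall back to the default silently.
            if (!manager.isIDPValid(requestedIdp)) {
                throw new MetadataProviderException("unknown IDP " + requestedIdp
                        + "; valid IDPs: " + manager.getIDPEntityNames());
            }
            return requestedIdp;
        }
        return manager.getDefaultIDP(); // throws when no default can be determined
    }

    /** Maps an entity alias back to its entity ID; null when unknown, exception when the alias is ambiguous. */
    public static String entityIdForAlias(MetadataManager manager, String alias) throws MetadataProviderException {
        return manager.getEntityIdForAlias(alias);
    }

    /** Reads a per-entity setting. The manager returns a copy, so local edits never leak back into it. */
    public static boolean requiresSignedLogoutRequest(MetadataManager manager, String entityId)
            throws MetadataProviderException {
        ExtendedMetadata copy = manager.getExtendedMetadata(entityId); // default ExtendedMetadata when none stored
        return copy.isRequireLogoutRequestSigned();
    }

    /** Registers a provider at runtime and applies it now rather than waiting for the refresh timer. */
    public static boolean addAndActivate(MetadataManager manager, MetadataProvider provider, String expectedEntityId)
            throws MetadataProviderException {
        manager.addMetadataProvider(provider); // wrapped in an ExtendedMetadataDelegate if it is not one already
        manager.setRefreshRequired(true);
        manager.refreshMetadata();             // re-validates every available provider and rebuilds the active list
        return manager.isIDPValid(expectedEntityId) || manager.isSPValid(expectedEntityId);
    }
}
```

The hash comparison uses MessageDigest.isEqual rather than Arrays.equals so the check does not short-circuit on the first differing byte; the SourceID is attacker-supplied in an artifact, so treat it like any other untrusted key. addAndActivate returning false means the new provider did not pass validation during refreshMetadata(), which is the same outcome as a failed signature check at startup.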