Class DefaultCredentialMonitorBean

java.lang.Object
se.swedenconnect.security.credential.monitoring.DefaultCredentialMonitorBean
All Implemented Interfaces:
CredentialMonitorBean

public class DefaultCredentialMonitorBean extends Object implements CredentialMonitorBean
The default implementation of the CredentialMonitorBean interface.

The bean can be configured to monitor one, or several, credentials. Note that the credentials being tested must implement the ReloadablePkiCredential interface and have a test function installed (ReloadablePkiCredential.getTestFunction() must not be null).

The reason for monitoring credentials is to detect, and possibly fix, cases where a credential becomes non-functional. This typically happens when a credential that resides on a hardware device is used. The connection to the device may get lost, and may be fixed by a re-connect. Those types of credentials take care of their own reloading by implementing ReloadablePkiCredential.reload().

Since testing a credential, especially one residing on a hardware device, may be a relatively costly operation, the monitor bean also supports configuring "additional credentials for reload" (DefaultCredentialMonitorBean(ReloadablePkiCredential, List)). The use case here is that one credential is configured to be monitored (tested), and if this test fails, we try to reload this credential, but also the "additional credentials for reload". This case may be used if we know that we have a set of credentials that all reside on the same device, and if one is non-functional the others will not work either (because of a connection failure). In this case we save computing power by testing only one credential, and if that one fails, we reload not only the failing credential but the other ones as well.

Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • DefaultCredentialMonitorBean

      public DefaultCredentialMonitorBean(@Nonnull ReloadablePkiCredential credential)
      Constructor setting up monitoring of a single credential. If the test for this credential fails a reload attempt will be made (ReloadablePkiCredential.reload()).
      Parameters:
      credential - the credential to monitor, and possibly reload
    • DefaultCredentialMonitorBean

      public DefaultCredentialMonitorBean(@Nonnull ReloadablePkiCredential credential, @Nullable List<ReloadablePkiCredential> additionalForReload)
      Constructor setting up monitoring of a single credential. Since many credentials may share the same underlying device it may in some cases be efficient to only test one credential, and if that fails reload multiple credentials (residing on the same device). The additionalForReload contains additional credentials to reload if the test of credential fails.
      Parameters:
      credential - the credential to monitor, and possibly reload
      additionalForReload - credentials to reload (in addition to the supplied credential)
    • DefaultCredentialMonitorBean

      public DefaultCredentialMonitorBean(List<ReloadablePkiCredential> credentials)
      Constructor setting up monitoring of the supplied credentials. If the test call for any credential fails, a reload attempt will be made (ReloadablePkiCredential.reload()) for this credential.
      Parameters:
      credentials - the credentials to monitor, and possibly reload
  • Method Details

    • test

      public void test()
      Performs testing, and possibly reloading, of the credentials that this monitor bean has been configured to monitor.
      Specified by:
      test in interface CredentialMonitorBean
    • reload

      protected void reload(ReloadablePkiCredential credential)
      Performs reloading of the supplied credential. If the reload is successful, the credential is tested again.
      Parameters:
      credential - the credential to reload
    • setTestSuccessCallback

      public void setTestSuccessCallback(Consumer<ReloadablePkiCredential> testSuccessCallback)
      Assigns a callback function that is invoked if the credential is successfully tested.
      Parameters:
      testSuccessCallback - callback
    • setFailureCallback

      public void setFailureCallback(BiFunction<ReloadablePkiCredential,Exception,Boolean> failureCallback)
      Assigns a callback function that is invoked if the test of a credential fails. This is typically useful if some sort of alarm should be issued for failing credentials. The callback returns a boolean that tells whether we should try to reload the failing credential.

      The default is to not have a callback. In that case the failure is logged (at error level) and the credential is reloaded. Otherwise, the implementation assumes that the callback handles logging.

      Parameters:
      failureCallback - callback function
    • setReloadSuccessCallback

      public void setReloadSuccessCallback(Consumer<ReloadablePkiCredential> reloadSuccessCallback)
      Assigns a callback function that is invoked if the reloading of a failed credential was successful.
      Parameters:
      reloadSuccessCallback - callback function
    • setReloadFailureCallback

      public void setReloadFailureCallback(BiConsumer<ReloadablePkiCredential,Exception> reloadFailureCallback)
      Assigns a callback function that is invoked if the reloading of a failed credential fails. This is typically useful if some sort of alarm should be issued for failing reloads.

      The default is to not have a callback. In that case the failure is logged (at error level). Otherwise, the implementation assumes that the callback handles logging.

      Parameters:
      reloadFailureCallback - callback function
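
The shared-device case from the class description, wired with all four callbacks and a periodic call to test(), as an added example that is not code from the library or its authors. It needs the library on the classpath; the class name SharedDeviceMonitorExample, the MAX_FAILURES policy, the schedule intervals and the package of ReloadablePkiCredential are assumptions.

```java
import java.util.List;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
// Assumption: ReloadablePkiCredential lives in this package (the page does not show it).
import se.swedenconnect.security.credential.ReloadablePkiCredential;
import se.swedenconnect.security.credential.monitoring.DefaultCredentialMonitorBean;

public class SharedDeviceMonitorExample {
  private static final Logger LOG = Logger.getLogger(SharedDeviceMonitorExample.class.getName());
  // Hypothetical policy: stop requesting reloads after this many failure callbacks in a row.
  private static final int MAX_FAILURES = 3;

  /** Tests only 'probe'; if it fails, 'probe' and every credential in 'sameDevice' are reloaded. */
  public static ScheduledExecutorService start(ReloadablePkiCredential probe,
      List<ReloadablePkiCredential> sameDevice) {
    AtomicInteger failures = new AtomicInteger();
    DefaultCredentialMonitorBean monitor = new DefaultCredentialMonitorBean(probe, sameDevice);

    monitor.setTestSuccessCallback(c -> failures.set(0));
    // With a failure callback installed the bean no longer logs the failure itself, so log here.
    monitor.setFailureCallback((c, e) -> {
      int n = failures.incrementAndGet();
      LOG.log(Level.SEVERE, "Credential test failed, failure callbacks in a row: " + n, e);
      return n <= MAX_FAILURES; // true = try to reload, false = leave it to an operator
    });
    monitor.setReloadSuccessCallback(c -> LOG.info("Credential reloaded"));
    // Same rule as above: this callback takes over the error-level logging of failed reloads.
    monitor.setReloadFailureCallback((c, e) -> LOG.log(Level.SEVERE, "Credential reload failed", e));

    ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
    scheduler.scheduleWithFixedDelay(() -> {
      // An exception escaping a scheduled task cancels all later runs, so catch it here.
      try { monitor.test(); }
      catch (RuntimeException ex) { LOG.log(Level.SEVERE, "Monitor run failed", ex); }
    }, 1, 5, TimeUnit.MINUTES);
    return scheduler;
  }
}
```

Every credential passed in must have a test function installed, and the caller is responsible for shutting down the returned scheduler.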