Package se.swedenconnect.security.credential.monitoring

Class DefaultCredentialMonitorBean

java.lang.Object

se.swedenconnect.security.credential.monitoring.DefaultCredentialMonitorBean

All Implemented Interfaces:

InitializingBean, CredentialMonitorBean

public class DefaultCredentialMonitorBean
extends Object
implements CredentialMonitorBean, InitializingBean

The default implementation of the CredentialMonitorBean interface.

The bean can be configured to monitor one, or several, credentials. Note that the credentials being tested must implement the ReloadablePkiCredential interface and have a test function installed (ReloadablePkiCredential.getTestFunction() must not be null.

The reason for performing monitoring of credentials is to detect, and possibly fix, the cases where a credential becomes non-functional. This may typically happen if a credential that resides on a hardware device is used. The connection to the device may get lost, and may be fixed by a re-connect. Those types of credentials takes care of their own reloading by implementing ReloadablePkiCredential.reload().

Since testing a credential, especially those residing on hardware devices, may be a relatively costly operation, the monitor bean also supports configuring "additional credentials for reload" (setAdditionalForReload(List)). The use case here is that one credential is configured to be monitored (tested), and if this test fails, we try to reload this credential, but also the "additional credentials for reload". This case may be used if we know that we have a set of credentials that all reside on the same device, and if one is non-functional the others will not work either (bacause of a connection failure). In this case we save computing power and keep testing only one credential, and if that one fails, reloads not only the failing credential but the other ones as well.

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Constructor Summary

Constructors

Constructor	Description
DefaultCredentialMonitorBean()	Default constructor.
DefaultCredentialMonitorBean(List<ReloadablePkiCredential> credentials)	Constructor setting up monitoring of the supplied credentials.
DefaultCredentialMonitorBean(ReloadablePkiCredential credential)	Constructor setting up monitoring of a single credential.
DefaultCredentialMonitorBean(ReloadablePkiCredential credential, List<ReloadablePkiCredential> additionalForReload)	Constructor setting up monitoring of a single credential.

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()
protected void	reload(ReloadablePkiCredential credential)	Performs reloading of the supplied credential.
void	setAdditionalForReload(List<ReloadablePkiCredential> additionalForReload)	Assigns the a list of additional credentials that should be reloaded if a test fails.
void	setCredential(ReloadablePkiCredential credential)	Assigns the credential that should be monitored.
void	setCredentials(List<ReloadablePkiCredential> credentials)	Assigns the credentials that should be monitored.
void	setFailureCallback(BiFunction<ReloadablePkiCredential,Exception,Boolean> failureCallback)	Assigns callback function that is invoked if the test of a credential fails.
void	setReloadFailureCallback(BiConsumer<ReloadablePkiCredential,Exception> reloadFailureCallback)	Assigns a callback function that is invoked if the reloading of a failed credential fails.
void	setReloadSuccessCallback(Consumer<ReloadablePkiCredential> reloadSuccessCallback)	Assigns a callback function that is invoked if the reloading of a failed credential was successful.
void	test()	Performs testing, and possibly reloading, of the credentials that this monitor bean has been configured to monitor.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultCredentialMonitorBean

public DefaultCredentialMonitorBean()

Default constructor.

DefaultCredentialMonitorBean

public DefaultCredentialMonitorBean(ReloadablePkiCredential credential)

Constructor setting up monitoring of a single credential. If the test for this credential fails a reload attempt will be made (ReloadablePkiCredential.reload()).

Parameters:

credential - the credential to monitor, and possible reload

DefaultCredentialMonitorBean

public DefaultCredentialMonitorBean(ReloadablePkiCredential credential,
 List<ReloadablePkiCredential> additionalForReload)

Constructor setting up monitoring of a single credential. Since many credentials may share the same underlying device it may in some cases be efficient to only test one credential, and if that fails reload multiple credentials (residing on the same device). The additionalForReload contains additional credentials to reload if the test of credential fails.

Parameters:

credential - the credential to monitor, and possible reload

additionalForReload - credentials to reload (in addition to the supplied credential)

DefaultCredentialMonitorBean

public DefaultCredentialMonitorBean(List<ReloadablePkiCredential> credentials)

Constructor setting up monitoring of the supplied credentials. If the test call for any credential fails, a reload attempt will be made (ReloadablePkiCredential.reload()) for this credential.

Parameters:

credentials - the credentials to monitor, and possible reload

Method Details

test

public void test()

Performs testing, and possibly reloading, of the credentials that this monitor bean has been configured to monitor.

Specified by:

test in interface CredentialMonitorBean

reload

protected void reload(ReloadablePkiCredential credential)

Performs reloading of the supplied credential. If the reload is successful, the credential is tested again.

Parameters:

credential - the credential to reload

setCredential

public void setCredential(ReloadablePkiCredential credential)

Assigns the credential that should be monitored.

Parameters:

credential - the credential to be monitored

setCredentials

public void setCredentials(List<ReloadablePkiCredential> credentials)

Assigns the credentials that should be monitored.

Parameters:

credentials - the credentials to be monitored

setAdditionalForReload

public void setAdditionalForReload(List<ReloadablePkiCredential> additionalForReload)

Assigns the a list of additional credentials that should be reloaded if a test fails.

Parameters:

additionalForReload - additional credentials for reload

setFailureCallback

public void setFailureCallback(BiFunction<ReloadablePkiCredential,Exception,Boolean> failureCallback)

Assigns callback function that is invoked if the test of a credential fails. This is typically useful if some sort of alarm should be issued for failing credentials. The callback returns a boolean that tells whether we should try to reload the failing credential.

The default is to not have a callback. In those case the failure is logged (at error level) and the credential is reloaded. Otherwise, the implementation assumes that the callback handles logging.

Parameters:

failureCallback - callback function

setReloadSuccessCallback

public void setReloadSuccessCallback(Consumer<ReloadablePkiCredential> reloadSuccessCallback)

Assigns a callback function that is invoked if the reloading of a failed credential was successful.

Parameters:

reloadSuccessCallback - callback function

setReloadFailureCallback

public void setReloadFailureCallback(BiConsumer<ReloadablePkiCredential,Exception> reloadFailureCallback)

Assigns a callback function that is invoked if the reloading of a failed credential fails. This is typically useful if some sort of alarm should be issued for failing reloads.

The default is to not have a callback. In those case the failure is logged (at error level). Otherwise, the implementation assumes that the callback handles logging.

Parameters:

reloadFailureCallback - callback function

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception