Class DefaultCredentialMonitorBean
- All Implemented Interfaces:
CredentialMonitorBean
CredentialMonitorBean
interface.
The bean can be configured to monitor one, or several, credentials. Note that the credentials being tested must
implement the ReloadablePkiCredential
interface and have a test function installed
(ReloadablePkiCredential.getTestFunction()
must not be null
.
The reason for performing monitoring of credentials is to detect, and possibly fix, the cases where a credential
becomes non-functional. This may typically happen if a credential that resides on a hardware device is used. The
connection to the device may get lost, and may be fixed by a re-connect. Those types of credentials takes care of
their own reloading by implementing ReloadablePkiCredential.reload()
.
Since testing a credential, especially those residing on hardware devices, may be a relatively costly operation, the
monitor bean also supports configuring "additional credentials for reload"
(DefaultCredentialMonitorBean(ReloadablePkiCredential, List)
). The use case here is that one credential is
configured to be monitored (tested), and if this test fails, we try to reload this credential, but also the
"additional credentials for reload". This case may be used if we know that we have a set of credentials that all
reside on the same device, and if one is non-functional the others will not work either (bacause of a connection
failure). In this case we save computing power and keep testing only one credential, and if that one fails, reloads
not only the failing credential but the other ones as well.
- Author:
- Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
-
Constructor Summary
ConstructorDescriptionDefaultCredentialMonitorBean
(List<ReloadablePkiCredential> credentials) Constructor setting up monitoring of the supplied credentials.DefaultCredentialMonitorBean
(ReloadablePkiCredential credential) Constructor setting up monitoring of a single credential.DefaultCredentialMonitorBean
(ReloadablePkiCredential credential, List<ReloadablePkiCredential> additionalForReload) Constructor setting up monitoring of a single credential. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
reload
(ReloadablePkiCredential credential) Performs reloading of the supplied credential.void
setFailureCallback
(BiFunction<ReloadablePkiCredential, Exception, Boolean> failureCallback) Assigns callback function that is invoked if the test of a credential fails.void
setReloadFailureCallback
(BiConsumer<ReloadablePkiCredential, Exception> reloadFailureCallback) Assigns a callback function that is invoked if the reloading of a failed credential fails.void
setReloadSuccessCallback
(Consumer<ReloadablePkiCredential> reloadSuccessCallback) Assigns a callback function that is invoked if the reloading of a failed credential was successful.void
setTestSuccessCallback
(Consumer<ReloadablePkiCredential> testSuccessCallback) Assigns a callback function that is invoked if the credential is successfully tested.void
test()
Performs testing, and possibly reloading, of the credentials that this monitor bean has been configured to monitor.
-
Constructor Details
-
DefaultCredentialMonitorBean
Constructor setting up monitoring of a single credential. If the test for this credential fails a reload attempt will be made (ReloadablePkiCredential.reload()
).- Parameters:
credential
- the credential to monitor, and possible reload
-
DefaultCredentialMonitorBean
public DefaultCredentialMonitorBean(@Nonnull ReloadablePkiCredential credential, @Nullable List<ReloadablePkiCredential> additionalForReload) Constructor setting up monitoring of a single credential. Since many credentials may share the same underlying device it may in some cases be efficient to only test one credential, and if that fails reload multiple credentials (residing on the same device). TheadditionalForReload
contains additional credentials to reload if the test ofcredential
fails.- Parameters:
credential
- the credential to monitor, and possible reloadadditionalForReload
- credentials to reload (in addition to the supplied credential)
-
DefaultCredentialMonitorBean
Constructor setting up monitoring of the supplied credentials. If the test call for any credential fails, a reload attempt will be made (ReloadablePkiCredential.reload()
) for this credential.- Parameters:
credentials
- the credentials to monitor, and possible reload
-
-
Method Details
-
test
public void test()Performs testing, and possibly reloading, of the credentials that this monitor bean has been configured to monitor.- Specified by:
test
in interfaceCredentialMonitorBean
-
reload
Performs reloading of the supplied credential. If the reload is successful, the credential is tested again.- Parameters:
credential
- the credential to reload
-
setTestSuccessCallback
Assigns a callback function that is invoked if the credential is successfully tested.- Parameters:
testSuccessCallback
- callback
-
setFailureCallback
public void setFailureCallback(BiFunction<ReloadablePkiCredential, Exception, Boolean> failureCallback) Assigns callback function that is invoked if the test of a credential fails. This is typically useful if some sort of alarm should be issued for failing credentials. The callback returns a boolean that tells whether we should try to reload the failing credential.The default is to not have a callback. In those case the failure is logged (at error level) and the credential is reloaded. Otherwise, the implementation assumes that the callback handles logging.
- Parameters:
failureCallback
- callback function
-
setReloadSuccessCallback
Assigns a callback function that is invoked if the reloading of a failed credential was successful.- Parameters:
reloadSuccessCallback
- callback function
-
setReloadFailureCallback
public void setReloadFailureCallback(BiConsumer<ReloadablePkiCredential, Exception> reloadFailureCallback) Assigns a callback function that is invoked if the reloading of a failed credential fails. This is typically useful if some sort of alarm should be issued for failing reloads.The default is to not have a callback. In those case the failure is logged (at error level). Otherwise, the implementation assumes that the callback handles logging.
- Parameters:
reloadFailureCallback
- callback function
-