Class AbstractMetadataProvider
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.metadata.provider.AbstractMetadataProvider
- All Implemented Interfaces:
net.shibboleth.shared.component.Component
,net.shibboleth.shared.component.DestructableComponent
,net.shibboleth.shared.component.InitializableComponent
,MetadataProvider
- Direct Known Subclasses:
CompositeMetadataProvider
,FilesystemMetadataProvider
,HTTPMetadataProvider
,MDQMetadataProvider
,ProxyMetadataProvider
,StaticMetadataProvider
public abstract class AbstractMetadataProvider
extends net.shibboleth.shared.component.AbstractInitializableComponent
implements MetadataProvider
Abstract base class for the
MetadataProvider
interface.- Author:
- Martin Lindström (martin@idsec.se)
-
Nested Class Summary
Modifier and TypeClassDescriptionprotected static class
Iterates over EntitiesDescriptor or EntityDescriptor. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected org.opensaml.saml.metadata.resolver.filter.MetadataFilter
Creates the filter(s) that this instance should be configured with.protected abstract void
createMetadataResolver
(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter) Creates the specificMetadataResolver
instance for the provider implementation.protected abstract void
Destroys the metadata resolver.protected void
protected final void
org.opensaml.saml.saml2.metadata.EntityDescriptor
getEntityDescriptor
(String entityID) Returns the entity descriptor identified by the given entityID.org.opensaml.saml.saml2.metadata.EntityDescriptor
getEntityDescriptor
(String entityID, QName role) Returns the entity descriptor identified by the given entityID and given role.List
<org.opensaml.saml.saml2.metadata.EntityDescriptor> Utility method that returns a list of entity descriptors for Identity Providers found in the metadata.Returns the time the currently available metadata was last updated.org.opensaml.core.xml.XMLObject
Returns the XML element making up the metadata for the federation.Returns the DOM element making up the metadata for the federation.List
<org.opensaml.saml.saml2.metadata.EntityDescriptor> Utility method that returns a list of entity descriptors for Service Providers found in the metadata.Gets the certificate that is to be used when verifying the signature on downloaded metadata.protected abstract void
Initializes the metadata resolver.Iterable
<org.opensaml.saml.saml2.metadata.EntityDescriptor> iterator()
Returns an iterator for all entity descriptors held by the provider.Iterable
<org.opensaml.saml.saml2.metadata.EntityDescriptor> Returns an iterator for all entity descriptors having the given role.void
refresh()
Refresh the metadata handled by the provider.void
setExclusionPredicates
(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> exclusionPredicates) Assigns a list of exclusion predicates that will be applied to downloaded metadata.void
setFailFastInitialization
(boolean failFast) Sets whether problems during initialization should cause the provider to fail or go on without metadata.void
setInclusionPredicates
(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> inclusionPredicates) Assigns a list of inclusion predicates that will be applied to downloaded metadata.void
setKeepOnlySpAndIdps
(boolean keepOnlySpAndIdps) Tells whether we should keep only SP and IdP role descriptors.protected void
setMetadata
(org.opensaml.core.xml.XMLObject metadata) Assigns the metadata that was downloaded.void
setPerformSchemaValidation
(boolean performSchemaValidation) Assigns whether XML schema validation should be performed on downloaded metadata.void
setRequireValidMetadata
(boolean requireValidMetadata) Sets whether the metadata returned by queries must be valid.void
setSignatureVerificationCertificate
(X509Certificate signatureVerificationCertificate) Assigns the certificate that is to be used when verifying the signature on downloaded metadata.void
setSignatureVerificationCertificates
(List<X509Certificate> signatureVerificationCertificates) Assigns the certificates that are to be used when verifying the signature on downloaded metadata.Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.DestructableComponent
destroy, isDestroyed
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
Methods inherited from interface se.swedenconnect.opensaml.saml2.metadata.provider.MetadataProvider
getID, getMetadataResolver
-
Constructor Details
-
AbstractMetadataProvider
public AbstractMetadataProvider()
-
-
Method Details
-
getMetadata
public org.opensaml.core.xml.XMLObject getMetadata()Returns the XML element making up the metadata for the federation. This element is either anEntityDescriptor
or anEntitiesDescriptor
.- Specified by:
getMetadata
in interfaceMetadataProvider
- Returns:
- an XML element
-
getMetadataDOM
Returns the DOM element making up the metadata for the federation.- Specified by:
getMetadataDOM
in interfaceMetadataProvider
- Returns:
- a DOM element
- Throws:
org.opensaml.core.xml.io.MarshallingException
- for XML marshalling errors
-
getLastUpdate
Returns the time the currently available metadata was last updated.- Specified by:
getLastUpdate
in interfaceMetadataProvider
- Returns:
- time when the currently metadata was last updated, or null if no metadata has been successfully loaded
-
refresh
public void refresh() throws net.shibboleth.shared.resolver.ResolverExceptionRefresh the metadata handled by the provider.An implementation that does not support refresh should implement this operation as a no-op. Implementations that do support refresh of metadata should typically be either
synchronized
or make use other locking mechanisms to protect against concurrent access.- Specified by:
refresh
in interfaceMetadataProvider
- Throws:
net.shibboleth.shared.resolver.ResolverException
- if the refresh operation was unsuccessful
-
iterator
Returns an iterator for all entity descriptors held by the provider.- Specified by:
iterator
in interfaceMetadataProvider
- Returns:
- an iterator for all entity descriptors
-
iterator
Returns an iterator for all entity descriptors having the given role.To list all IdP:s and SP:s do:
idps = provider.iterator(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); sps = provider.iterator(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- Specified by:
iterator
in interfaceMetadataProvider
- Parameters:
role
- role descriptor- Returns:
- an iterator for all matching entity descriptors
- See Also:
-
getEntityDescriptor
public org.opensaml.saml.saml2.metadata.EntityDescriptor getEntityDescriptor(String entityID) throws net.shibboleth.shared.resolver.ResolverException Returns the entity descriptor identified by the given entityID.- Specified by:
getEntityDescriptor
in interfaceMetadataProvider
- Parameters:
entityID
- the unique entityID for the entry- Returns:
- an entity descriptor or null if no entry is found
- Throws:
net.shibboleth.shared.resolver.ResolverException
- for underlying metadata errors
-
getEntityDescriptor
public org.opensaml.saml.saml2.metadata.EntityDescriptor getEntityDescriptor(String entityID, QName role) throws net.shibboleth.shared.resolver.ResolverException Returns the entity descriptor identified by the given entityID and given role.- Specified by:
getEntityDescriptor
in interfaceMetadataProvider
- Parameters:
entityID
- the entity IDrole
- the role descriptor- Returns:
- an entity descriptor or null if no matching entry is found
- Throws:
net.shibboleth.shared.resolver.ResolverException
- for underlying metadata errors
-
getIdentityProviders
public List<org.opensaml.saml.saml2.metadata.EntityDescriptor> getIdentityProviders() throws net.shibboleth.shared.resolver.ResolverExceptionUtility method that returns a list of entity descriptors for Identity Providers found in the metadata.- Specified by:
getIdentityProviders
in interfaceMetadataProvider
- Returns:
- a list of entity descriptors
- Throws:
net.shibboleth.shared.resolver.ResolverException
- for metadata errors
-
getServiceProviders
public List<org.opensaml.saml.saml2.metadata.EntityDescriptor> getServiceProviders() throws net.shibboleth.shared.resolver.ResolverExceptionUtility method that returns a list of entity descriptors for Service Providers found in the metadata.- Specified by:
getServiceProviders
in interfaceMetadataProvider
- Returns:
- a list of entity descriptors
- Throws:
net.shibboleth.shared.resolver.ResolverException
- for metadata errors
-
setMetadata
protected void setMetadata(org.opensaml.core.xml.XMLObject metadata) Assigns the metadata that was downloaded.- Parameters:
metadata
- metadata object
-
doInitialize
protected final void doInitialize() throws net.shibboleth.shared.component.ComponentInitializationException- Overrides:
doInitialize
in classnet.shibboleth.shared.component.AbstractInitializableComponent
- Throws:
net.shibboleth.shared.component.ComponentInitializationException
-
createFilter
protected org.opensaml.saml.metadata.resolver.filter.MetadataFilter createFilter() throws net.shibboleth.shared.component.ComponentInitializationExceptionCreates the filter(s) that this instance should be configured with.- Returns:
- a metadata filter
- Throws:
net.shibboleth.shared.component.ComponentInitializationException
- if filters fails to initialize
-
doDestroy
protected void doDestroy()- Overrides:
doDestroy
in classnet.shibboleth.shared.component.AbstractInitializableComponent
-
createMetadataResolver
protected abstract void createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter) throws net.shibboleth.shared.resolver.ResolverException Creates the specificMetadataResolver
instance for the provider implementation.The
filter
parameter is aMetadataFilter
that must be installed for the resolver. Any other filters that should be installed by the specific instance should be placed last in a filter chain.- Parameters:
requireValidMetadata
- should be passed intoMetadataResolver.setRequireValidMetadata(boolean)
failFastInitialization
- should be passed intoAbstractMetadataResolver.setFailFastInitialization(boolean)
(if applicable)filter
- filter that must be installed for the resolver- Throws:
net.shibboleth.shared.resolver.ResolverException
- for errors creating the resolver
-
initializeMetadataResolver
protected abstract void initializeMetadataResolver() throws net.shibboleth.shared.component.ComponentInitializationExceptionInitializes the metadata resolver.- Throws:
net.shibboleth.shared.component.ComponentInitializationException
- for initialization errors
-
destroyMetadataResolver
protected abstract void destroyMetadataResolver()Destroys the metadata resolver. -
setRequireValidMetadata
public void setRequireValidMetadata(boolean requireValidMetadata) Sets whether the metadata returned by queries must be valid.- Parameters:
requireValidMetadata
- whether the metadata returned by queries must be valid
-
setFailFastInitialization
public void setFailFastInitialization(boolean failFast) Sets whether problems during initialization should cause the provider to fail or go on without metadata. The assumption being that in most cases a provider will recover at some point in the future.- Parameters:
failFast
- whether problems during initialization should cause the provider to fail
-
setSignatureVerificationCertificate
Assigns the certificate that is to be used when verifying the signature on downloaded metadata. If this attribute is assigned the provider is configured to expect a valid signature on downloaded metadata.- Parameters:
signatureVerificationCertificate
- the certificate to assign
-
setSignatureVerificationCertificates
public void setSignatureVerificationCertificates(List<X509Certificate> signatureVerificationCertificates) Assigns the certificates that are to be used when verifying the signature on downloaded metadata. If this attribute is assigned the provider is configured to expect a valid signature on downloaded metadata.The reason that more than one certificate may be assigned is that we want to be able to handle signing certificate updates in a smooth way.
- Parameters:
signatureVerificationCertificates
- the certificates to assign
-
getSignatureVerificationCertificates
Gets the certificate that is to be used when verifying the signature on downloaded metadata.- Returns:
- the certificates or null
-
setPerformSchemaValidation
public void setPerformSchemaValidation(boolean performSchemaValidation) Assigns whether XML schema validation should be performed on downloaded metadata.- Parameters:
performSchemaValidation
- whether schema validation should be performed
-
setKeepOnlySpAndIdps
public void setKeepOnlySpAndIdps(boolean keepOnlySpAndIdps) Tells whether we should keep only SP and IdP role descriptors. The default is true.- Parameters:
keepOnlySpAndIdps
- whether to keep only SPs and IdPs.
-
setInclusionPredicates
public void setInclusionPredicates(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> inclusionPredicates) Assigns a list of inclusion predicates that will be applied to downloaded metadata.- Parameters:
inclusionPredicates
- predicates- See Also:
-
setExclusionPredicates
public void setExclusionPredicates(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> exclusionPredicates) Assigns a list of exclusion predicates that will be applied to downloaded metadata.- Parameters:
exclusionPredicates
- predicates- See Also:
-