Class StorageServiceRevocationCache

All Implemented Interfaces:
Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent, RevocationCache

@ThreadSafeAfterInit public class StorageServiceRevocationCache extends AbstractIdentifiableInitializableComponent implements RevocationCache
Stores and checks for revocation entries via a StorageService.

This class is thread-safe and uses a synchronized method to prevent race conditions within the underlying store (lacking an atomic "check and insert" operation).

Since:
5.0.0
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Logger.
    • storage

      Backing storage for the revocation cache.
    • strict

      private boolean strict
      Flag controlling behavior on storage failure.
    • expires

      @Nonnull @Positive private Duration expires
      Default lifetime of a revocation entry. Default value: 6 hours
  • Constructor Details

    • StorageServiceRevocationCache

      public StorageServiceRevocationCache()
      Constructor.
  • Method Details

    • setEntryExpiration

      public void setEntryExpiration(@Positive @Nonnull Duration entryExpiration)
      Set the default revocation entry expiration.
      Parameters:
      entryExpiration - lifetime of a revocation entry in milliseconds
    • getStorage

      @NonnullAfterInit public StorageService getStorage()
      Get the backing store for the cache.
      Returns:
      the backing store.
    • setStorage

      public void setStorage(@Nonnull StorageService storageService)
      Set the backing store for the cache.
      Parameters:
      storageService - backing store to use
    • isStrict

      public boolean isStrict()
      Get the strictness flag.
      Returns:
      true iff we should treat storage failures as a revocation
    • setStrict

      public void setStrict(boolean flag)
      Set the strictness flag.
      Parameters:
      flag - true iff we should treat storage failures as a revocation
    • doInitialize

      public void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractIdentifiedInitializableComponent
      Throws:
      ComponentInitializationException
    • revoke

      public boolean revoke(@Nonnull @NotEmpty String context, @Nonnull @NotEmpty String key, @Nonnull @NotEmpty String value)
      Invokes RevocationCache.revoke(String, String, String, Duration) with a default expiration parameter.

      If the key has already been revoked, expiration is updated.

      Specified by:
      revoke in interface RevocationCache
      Parameters:
      context - a context label to subdivide the cache
      key - key to revoke
      value - value to insert into revocation record
      Returns:
      true if key has successfully been listed as revoked in the cache
    • revoke

      public boolean revoke(@Nonnull @NotEmpty String context, @Nonnull @NotEmpty String s, @Nonnull @NotEmpty String value, @Nonnull Duration exp)
      Returns true if the value is successfully revoked.

      If the key has already been revoked, expiration is updated.

      Specified by:
      revoke in interface RevocationCache
      Parameters:
      context - a context label to subdivide the cache
      s - key to revoke
      value - value to insert into revocation record
      exp - entry expiration
      Returns:
      true if key has successfully been listed as revoked in the cache
    • unrevoke

      public boolean unrevoke(@Nonnull @NotEmpty String context, @Nonnull @NotEmpty String s)
      Remove a revocation record.
      Specified by:
      unrevoke in interface RevocationCache
      Parameters:
      context - a context label to subdivide the cache
      s - value to remove
      Returns:
      true iff a record was removed
    • isRevoked

      public boolean isRevoked(@Nonnull @NotEmpty String context, @Nonnull @NotEmpty String s)
      Returns true iff the value has been revoked.
      Specified by:
      isRevoked in interface RevocationCache
      Parameters:
      context - a context label to subdivide the cache
      s - value to check
      Returns:
      true iff the check value is found in the cache
    • getRevocationRecord

      @Nullable @NotEmpty public String getRevocationRecord(@Nonnull @NotEmpty String context, @Nonnull @NotEmpty String s) throws IOException
      Attempts to read back a revocation record for a given context and key.

      This alternative approach allows revocation records to include richer data, rather than simple presence/absence as a signal.

      Specified by:
      getRevocationRecord in interface RevocationCache
      Parameters:
      context - revocation context
      s - revocation key
      Returns:
      the matching record, if found, or null if absent
      Throws:
      IOException - raised if an error occurs leading to an indeterminate result
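
The following self-contained model is an added example, not code from this project. It illustrates the two behaviors documented above: the synchronized create-then-update in revoke, and how the strict flag decides the answer of isRevoked when the store fails. The names RevocationCacheModel and FlakyStore, and the "context!key" key layout, are hypothetical.

```java
import java.io.IOException;
import java.time.*;
import java.util.*;
/** Added illustrative model; NOT the project's implementation. */
public class RevocationCacheModel {
    /** Hypothetical store with no atomic "check and insert" operation. */
    static class FlakyStore {
        private final Map<String, Instant> records = new HashMap<>();
        boolean down; // constructed outage switch for the demo
        private Map<String, Instant> up() throws IOException {
            if (down) throw new IOException("store unavailable");
            return records;
        }
        boolean create(String k, Instant exp) throws IOException { return up().putIfAbsent(k, exp) == null; }
        void update(String k, Instant exp) throws IOException { up().put(k, exp); }
        Instant read(String k) throws IOException { return up().get(k); }
    }
    final FlakyStore store = new FlakyStore();
    private final Duration expires = Duration.ofHours(6); // default stated on the page
    private final boolean strict;
    RevocationCacheModel(boolean strict) { this.strict = strict; }

    // synchronized: the create-then-update pair must not interleave with other callers
    synchronized boolean revoke(String context, String key) {
        Instant until = Instant.now().plus(expires);
        try {
            String k = context + "!" + key; // key layout is this model's assumption
            if (!store.create(k, until)) store.update(k, until); // already revoked: update expiration
            return true;
        } catch (IOException e) {
            return false; // the revocation was NOT recorded; the caller has to react
        }
    }
    synchronized boolean isRevoked(String context, String key) {
        try {
            Instant exp = store.read(context + "!" + key);
            return exp != null && exp.isAfter(Instant.now());
        } catch (IOException e) {
            return strict; // strict=true fails closed: an unreadable store counts as revoked
        }
    }
    public static void main(String[] args) {
        for (boolean strict : new boolean[] {false, true}) {
            RevocationCacheModel c = new RevocationCacheModel(strict);
            boolean recorded = c.revoke("sessions", "abc"); // recorded while the store is up
            c.store.down = true; // simulate a backing-store outage
            System.out.printf("strict=%b recorded=%b isRevoked(outage)=%b%n", strict, recorded, c.isRevoked("sessions", "abc"));
        }
    }
}
```

With strict disabled, the model reports a key that was revoked before the outage as not revoked while the store is unreachable; with strict enabled, every lookup during the outage is treated as revoked.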