SES-68 Finished support for adding/removing metadata on the fly.
vschafer committed Apr 11, 2011
1 parent d651f27 commit 0f6f55a
Showing 4 changed files with 88 additions and 6 deletions.
Expand Up @@ -117,7 +117,7 @@ public boolean equals(Object obj) {
ExtendedMetadataDelegate del = (ExtendedMetadataDelegate) obj;
return delegate.equals(del.getDelegate());
} else {
return delegate.equals(obj);
return false;
}
}

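Review bot: With the non-wrapper branch of equals() returning `false` (assuming `return false;` is the new line, since the page has lost its +/- markers), a wrapper equals only another wrapper around an equal delegate, so hashCode() has to agree and return `delegate.hashCode()`. hashCode() is not visible here and equals() itself starts above the hunk, so this needs confirming in the file. Callers that pass a bare MetadataProvider to `contains` or `remove` on a collection of wrappers will now get a silent miss, which matters when the call is meant to withdraw a provider. A comment on the else branch such as `// a wrapper never equals a bare provider; wrap it before comparing` would make that explicit.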
Expand Up @@ -254,6 +254,9 @@ public void refreshMetadata() {
/**
* Adds a new metadata provider to the managed list. At first provider is only registered and will be validated
* upon next round of metadata refreshing or call to refreshMetadata.
* <p>
* Unless provider already extends class ExtendedMetadataDelegate it will be automatically wrapped in it as part of the
* addition.
*
* @param newProvider provider
* @throws MetadataProviderException in case provider can't be added
Expand All @@ -280,6 +283,12 @@ public void addMetadataProvider(MetadataProvider newProvider) throws MetadataPro

}

/**
* Removes existing metadata provider from the availability list. Provider will be completely removed
* during next manager refresh.
*
* @param provider provider to remove
*/
@Override
public void removeMetadataProvider(MetadataProvider provider) {

Expand All @@ -293,7 +302,6 @@ public void removeMetadataProvider(MetadataProvider provider) {

ExtendedMetadataDelegate wrappedProvider = getWrappedProvider(provider);
availableProviders.remove(wrappedProvider);
super.removeMetadataProvider(wrappedProvider);

} finally {
lock.writeLock().unlock();
Expand All @@ -303,6 +311,39 @@ public void removeMetadataProvider(MetadataProvider provider) {

}

/**
* Method provides list of active providers - those which are valid and can be queried for metadata. Returned
* value is a copy.
*
* @return active providers
*/
public List<MetadataProvider> getProviders() {

try {
lock.readLock().lock();
return new ArrayList<MetadataProvider>(super.getProviders());
} finally {
lock.readLock().unlock();
}

}
/**
* Method provides list of all available providers. Not all of these providers may be used in case their validation failed.
* Returned value is a copy of the data.
*
* @return all available providers
*/
public List<ExtendedMetadataDelegate> getAvailableProviders() {

try {
lock.readLock().lock();
return new ArrayList<ExtendedMetadataDelegate>(availableProviders);
} finally {
lock.readLock().unlock();
}

}

private ExtendedMetadataDelegate getWrappedProvider(MetadataProvider provider) {
if (!(provider instanceof ExtendedMetadataDelegate)) {
log.debug("Wrapping metadata provider {} with extendedMetadataDelegate", provider);
Expand Down Expand Up @@ -355,7 +396,7 @@ protected void initializeProviderData(ExtendedMetadataDelegate provider) throws
roleDescriptor = provider.getRole(key, SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS);
if (roleDescriptor != null) {
if (spName.contains(key)) {
log.warn("Provider {} contains entity {} which SP which was already contained in another metadata provider and will be ignored", provider, key);
log.warn("Provider {} contains entity {} which was already included in another metadata provider and will be ignored", provider, key);
} else {
spName.add(key);
}
Expand Down Expand Up @@ -397,6 +438,7 @@ protected void initializeProviderData(ExtendedMetadataDelegate provider) throws
log.debug("Remote entity {} available", key);

}

} else {

log.debug("No extended metadata available for entity {}", key);
Expand All @@ -423,7 +465,7 @@ protected void initializeProviderFilters(ExtendedMetadataDelegate provider) thro

if (provider.isTrustFiltersInitialized()) {

log.debug("Metadata provider was already initialized, signature validation will be skipped");
log.debug("Metadata provider was already initialized, signature filter initialization will be skipped");

} else {

Expand All @@ -438,11 +480,11 @@ protected void initializeProviderFilters(ExtendedMetadataDelegate provider) thro
MetadataFilter currentFilter = provider.getMetadataFilter();
if (currentFilter != null) {
if (currentFilter instanceof MetadataFilterChain) {
log.debug("Adding trust filter into existing chain");
log.debug("Adding signature filter into existing chain");
MetadataFilterChain chain = (MetadataFilterChain) currentFilter;
chain.getFilters().add(filter);
} else {
log.debug("Combining filter with the existing in a new chain");
log.debug("Combining signature filter with the existing in a new chain");
MetadataFilterChain chain = new MetadataFilterChain();
chain.getFilters().add(currentFilter);
chain.getFilters().add(filter);
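Review bot: removeMetadataProvider() now only drops the provider from `availableProviders` (the `super.removeMetadataProvider(wrappedProvider)` call appears to be the removed line), so the provider stays in the active list and keeps answering lookups until the next refresh. For SAML metadata that is a trust decision: someone withdrawing an entity whose keys are no longer trusted would expect it to stop being accepted once the call returns. The new Javadoc hints at this, but it should say it outright, for example `* The provider keeps serving metadata until refreshMetadata() runs; call it right away when withdrawing trust.` The method body continues outside the hunk, so whether it already schedules a refresh cannot be seen here and is worth checking.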
Expand Up @@ -17,6 +17,8 @@
import junit.framework.Assert;
import org.junit.Before;
import org.junit.Test;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
Expand Down Expand Up @@ -188,6 +190,35 @@ public void testConcurrency() throws Exception {

}

/**
* Test verifies that new metadata provider can be added after manager has already been created.
* @throws Exception error
*/
@Test
public void testMetadataChanges() throws Exception {

MetadataProvider newProvider = context.getBean("singleProvider", MetadataProvider.class);
assertNull(manager.getEntityDescriptor("http://localhost:8080/noBinding"));

manager.addMetadataProvider(newProvider);
manager.refreshMetadata();
assertNotNull(manager.getEntityDescriptor("http://localhost:8080/noBinding"));

boolean found = false;
for (ExtendedMetadataDelegate provider : manager.getAvailableProviders()) {
if (newProvider.equals(provider) || newProvider.equals(provider.getDelegate()) ) {
found = true;
break;
}
}
assertTrue("Added provider wasn't found in the list of active providers", found);

manager.removeMetadataProvider(newProvider);
manager.refreshMetadata();
assertNull(manager.getEntityDescriptor("http://localhost:8080/noBinding"));

}

private class MetadataReloader extends TimerTask {

// State of the refresh flag during last execution
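Review bot: The loop in testMetadataChanges() walks `getAvailableProviders()`, but its failure message speaks of the list of active providers, and nothing in the test exercises the new `getProviders()` copy. The removal half asserts only the entity-descriptor lookup after an explicit `refreshMetadata()`, so the deferred-removal behaviour (what a lookup returns between `removeMetadataProvider` and the refresh) is not pinned down. I would change the message to `"Added provider wasn't found in the list of available providers"`. After the final refresh I would also assert that the provider is absent from both `getAvailableProviders()` and `getProviders()`. One more lookup assertion before that refresh would document the intended window.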
Expand Up @@ -94,6 +94,15 @@
<property name="refreshCheckInterval" value="100"/>
</bean>

<!-- A provider we will add/remove from metadata manager -->
<bean id="singleProvider" class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"
init-method="initialize">
<constructor-arg index="0">
<value type="java.io.File">classpath:testIDPNoSSOBinding.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>

<!-- XML parser pool needed for OpenSAML parsing -->
<bean id="parserPool" class="org.opensaml.xml.parse.BasicParserPool" scope="singleton"/>

