PicketLink Federation Core 2.1.6.Final-redhat-2
java.lang.Object
  org.picketlink.identity.federation.core.sts.registry.FileBasedSTSOperations
    org.picketlink.identity.federation.core.sts.registry.FileBasedRevocationRegistry
public class FileBasedRevocationRegistry
FileBasedRevocationRegistry is a revocation registry implementation that uses a file to store the ids of the revoked (canceled) security tokens. By default all ids are stored in $HOME/picketlink-store/sts/revoked.ids but a different location can be specified through the constructor that takes the file name as a parameter.
NOTE: this implementation uses a local cache to avoid reading the file system every time a revocation check is made, making this registry a bad choice for distributed scenarios. Even though the registry file is updated whenever a new id is revoked, each node in the cluster will have its own cached view, and thus a token that has been canceled by one node may be accepted by another live node, as the caches are not refreshed or synchronized.
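The stale-cache behaviour described in the NOTE, as an added example (not PicketLink code): each object models one cluster node with its own cache over a shared registry file, and the hypothetical RefreshingNode shows one mitigation, reloading whenever the append-only file has grown. The class names, temporary file and token id are constructed, the tokenType parameter is omitted, and the nodes are assumed to share the registry file.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;

// Added illustration, not PicketLink code. Each object models one cluster node (one JVM).
public class StaleRevocationCacheDemo {
    // Hypothetical model of the documented design: cache filled once, never refreshed.
    static class CachedNode {
        final Path file;
        final Set<String> cache = new HashSet<>();
        CachedNode(Path file) throws IOException {
            this.file = file;
            cache.addAll(Files.readAllLines(file, StandardCharsets.UTF_8));
        }
        void revokeToken(String id) throws IOException {
            // The shared file is updated, but only this node's cache learns about it.
            Files.write(file, (id + "\n").getBytes(StandardCharsets.UTF_8), StandardOpenOption.APPEND);
            cache.add(id);
        }
        boolean isRevoked(String id) throws IOException { return cache.contains(id); }
    }

    // Hypothetical mitigation: the file is append-only, so a size change means new revocations.
    static class RefreshingNode extends CachedNode {
        private long seenSize = -1; // forces a reload on the first check
        RefreshingNode(Path file) throws IOException { super(file); }
        @Override
        boolean isRevoked(String id) throws IOException {
            long size = Files.size(file); // one stat call instead of a full read per check
            if (size != seenSize) {
                cache.addAll(Files.readAllLines(file, StandardCharsets.UTF_8));
                seenSize = size;
            }
            return cache.contains(id);
        }
    }

    public static void main(String[] args) throws IOException {
        Path shared = Files.createTempFile("revoked", ".ids"); // constructed shared registry file
        CachedNode a = new CachedNode(shared), b = new CachedNode(shared), c = new RefreshingNode(shared);
        String id = "ID_constructed-sample-token"; // constructed token id
        a.revokeToken(id);
        System.out.println("node A (performed the revocation): " + a.isRevoked(id));
        System.out.println("node B (cache loaded before it):   " + b.isRevoked(id));
        System.out.println("node C (reloads when file grows):  " + c.isRevoked(id));
        Files.delete(shared);
    }
}
```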
Field Summary | |
---|---|
protected static String | FILE_NAME |
protected File | registryFile |
protected static Set<String> | revokedIds |
Fields inherited from class org.picketlink.identity.federation.core.sts.registry.FileBasedSTSOperations |
---|
directory, logger |
Constructor Summary | |
---|---|
FileBasedRevocationRegistry() | Creates an instance of RevocationRegistryFile that stores the canceled ids in the default $HOME/picketlink-store/sts/revoked.ids file. |
FileBasedRevocationRegistry(String registryFileName) | Creates an instance of RevocationRegistryFile that stores the canceled ids in the specified file. |
Method Summary | |
---|---|
boolean | isRevoked(String tokenType, String id): Indicates whether the token with the specified id has been revoked or not. |
void | revokeToken(String tokenType, String id): Adds the specified id to the revocation registry. |
Methods inherited from class org.picketlink.identity.federation.core.sts.registry.FileBasedSTSOperations |
---|
create |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static final String FILE_NAME
protected static Set<String> revokedIds
protected File registryFile
Constructor Detail |
---|
public FileBasedRevocationRegistry()
Creates an instance of RevocationRegistryFile that stores the canceled ids in the default $HOME/picketlink-store/sts/revoked.ids file.
public FileBasedRevocationRegistry(String registryFileName)
Creates an instance of RevocationRegistryFile that stores the canceled ids in the specified file.
Parameters:
registryFile - a String that indicates the file that must be used to store revoked ids.
Method Detail |
---|
public boolean isRevoked(String tokenType, String id)
Description copied from interface: RevocationRegistry
Indicates whether the token with the specified id has been revoked or not.
Specified by:
isRevoked in interface RevocationRegistry
Parameters:
tokenType - a String representing the token type.
id - a String representing the token id.
Returns:
true if the specified id has been revoked; false otherwise.
public void revokeToken(String tokenType, String id)
Description copied from interface: RevocationRegistry
Adds the specified id to the revocation registry. The security token type can be used to distinguish tokens that may have the same id but that are of different types.
Specified by:
revokeToken in interface RevocationRegistry
Parameters:
tokenType - a String representing the security token type.
id - the id to be registered.