PicketLink Federation Core 2.1.6.Final-redhat-2

org.picketlink.identity.federation.core.sts.registry
Class FileBasedRevocationRegistry

java.lang.Object
  extended by org.picketlink.identity.federation.core.sts.registry.FileBasedSTSOperations
      extended by org.picketlink.identity.federation.core.sts.registry.FileBasedRevocationRegistry
All Implemented Interfaces:
RevocationRegistry

public class FileBasedRevocationRegistry
extends FileBasedSTSOperations
implements RevocationRegistry

FileBasedRevocationRegistry is a revocation registry implementation that uses a file to store the ids of the revoked (canceled) security tokens. By default all ids are stored in $HOME/picketlink-store/sts/revoked.ids but a different location can be specified through the constructor that takes the file name as a parameter.

NOTE: this implementation uses a local cache to avoid reading the file system every time a revocation check is made, which makes this registry a bad choice for distributed scenarios. Even though the registry file is updated whenever a new id is revoked, each node in the cluster has its own cached view, and the caches are not refreshed or synchronized; a token that has been canceled by one node may therefore be accepted by another live node.
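
The stale-cache behaviour described in the note, as an added example (not PicketLink source code): NodeRegistry is a hypothetical stand-in for one cluster node's registry, holding its own in-memory cache over a shared ids file. The reloadOnCheck switch, the temp file and the token id are assumptions constructed for this example, not PicketLink options.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

// Hypothetical model, not PicketLink source: each NodeRegistry stands in for one
// cluster node (one JVM) with its own cached view of a shared registry file.
public class StaleRevocationCacheDemo {

    static class NodeRegistry {
        private final Path file;
        private final boolean reloadOnCheck;   // assumption: switch added for this example
        private final Set<String> cache = new HashSet<>();

        NodeRegistry(Path file, boolean reloadOnCheck) throws IOException {
            this.file = file;
            this.reloadOnCheck = reloadOnCheck;
            load();                            // cache is filled once, at start-up
        }

        private void load() throws IOException {
            cache.clear();
            if (Files.exists(file)) cache.addAll(Files.readAllLines(file));
        }

        void revokeToken(String id) throws IOException {
            cache.add(id);                     // only this node's cache is updated
            Files.write(file, List.of(id), StandardOpenOption.CREATE, StandardOpenOption.APPEND);
        }

        boolean isRevoked(String id) throws IOException {
            if (reloadOnCheck) load();         // trade file I/O for a fresh view
            return cache.contains(id);
        }
    }

    public static void main(String[] args) throws IOException {
        Path shared = Files.createTempFile("revoked", ".ids");   // constructed sample store
        NodeRegistry nodeA = new NodeRegistry(shared, false);
        NodeRegistry nodeB = new NodeRegistry(shared, false);    // caches once, never refreshes
        NodeRegistry nodeC = new NodeRegistry(shared, true);     // re-reads the file per check

        String id = "ID_constructed-token-1";                    // constructed token id
        nodeA.revokeToken(id);                                   // cancel request lands on node A

        System.out.println("A sees revoked: " + nodeA.isRevoked(id));
        System.out.println("B sees revoked: " + nodeB.isRevoked(id));
        System.out.println("C sees revoked: " + nodeC.isRevoked(id));
        Files.delete(shared);
    }
}
```

Node B reports the token as not revoked even though the shared file already contains its id; node C sees the revocation because it re-reads the file on each check, at the cost of the file I/O the cache was meant to avoid.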

Author:
Stefan Guilhen

Field Summary
protected static String FILE_NAME
           
protected  File registryFile
           
protected static Set<String> revokedIds
           
 
Fields inherited from class org.picketlink.identity.federation.core.sts.registry.FileBasedSTSOperations
directory, logger
 
Constructor Summary
FileBasedRevocationRegistry()
           Creates an instance of RevocationRegistryFile that stores the canceled ids in the default $HOME/picketlink-store/sts/revoked.ids file.
FileBasedRevocationRegistry(String registryFileName)
           Creates an instance of RevocationRegistryFile that stores the canceled ids in the specified file.
 
Method Summary
 boolean isRevoked(String tokenType, String id)
           Indicates whether the token with the specified id has been revoked or not.
 void revokeToken(String tokenType, String id)
           Adds the specified id to the revocation registry.
 
Methods inherited from class org.picketlink.identity.federation.core.sts.registry.FileBasedSTSOperations
create
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FILE_NAME

protected static final String FILE_NAME
See Also:
Constant Field Values

revokedIds

protected static Set<String> revokedIds

registryFile

protected File registryFile

Constructor Detail

FileBasedRevocationRegistry

public FileBasedRevocationRegistry()

Creates an instance of RevocationRegistryFile that stores the canceled ids in the default $HOME/picketlink-store/sts/revoked.ids file.


FileBasedRevocationRegistry

public FileBasedRevocationRegistry(String registryFileName)

Creates an instance of RevocationRegistryFile that stores the canceled ids in the specified file.

Parameters:
registryFileName - a String that indicates the file that must be used to store revoked ids.

Method Detail

isRevoked

public boolean isRevoked(String tokenType,
                         String id)
Description copied from interface: RevocationRegistry

Indicates whether the token with the specified id has been revoked or not.

Specified by:
isRevoked in interface RevocationRegistry
Parameters:
tokenType - a String representing the token type.
id - a String representing the token id.
Returns:
true if the specified id has been revoked; false otherwise.

revokeToken

public void revokeToken(String tokenType,
                        String id)
Description copied from interface: RevocationRegistry

Adds the specified id to the revocation registry. The security token type can be used to distinguish tokens that may have the same id but that are of different types.

Specified by:
revokeToken in interface RevocationRegistry
Parameters:
tokenType - a String representing the security token type.
id - the id to be registered.

Copyright © 2013 JBoss by Red Hat. All Rights Reserved.