PicketLink Federation Core 2.1.6.Final-redhat-2

org.picketlink.identity.federation.core.sts.registry
Class JPABasedRevocationRegistry

java.lang.Object
  extended by org.picketlink.identity.federation.core.sts.registry.AbstractJPARegistry
      extended by org.picketlink.identity.federation.core.sts.registry.JPABasedRevocationRegistry
All Implemented Interfaces:
RevocationRegistry

public class JPABasedRevocationRegistry
extends AbstractJPARegistry
implements RevocationRegistry

JPABasedRevocationRegistry is a revocation registry implementation that uses JPA to store the ids of the revoked (canceled) security tokens in a database. By default, the JPA configuration is named picketlink-sts, but a different configuration name can be specified through the constructor that takes a String as a parameter.

NOTE: this implementation doesn't keep any cache of the security token ids. It performs a JPA query every time the isRevoked(String tokenType, String id) method is called. Many JPA providers have internal caching mechanisms that can keep the data in the cache synchronized with the database and avoid unnecessary trips to the database. This makes this registry a good choice for clustered environments, as any changes to the revocation table made by one node will be visible to the other nodes.

Author:
Stefan Guilhen

Field Summary
 
Fields inherited from class org.picketlink.identity.federation.core.sts.registry.AbstractJPARegistry
logger
 
Constructor Summary
JPABasedRevocationRegistry()
           Creates an instance of JPABasedRevocationRegistry that uses the default picketlink-sts JPA configuration to persist the ids of the canceled security tokens.
JPABasedRevocationRegistry(String configuration)
           Creates an instance of JPABasedRevocationRegistry that uses the specified JPA configuration to persist the ids of the canceled security tokens.
 
Method Summary
 boolean isRevoked(String tokenType, String id)
           Indicates whether the token with the specified id has been revoked or not.
 void revokeToken(String tokenType, String id)
           Adds the specified id to the revocation registry.
 
Methods inherited from class org.picketlink.identity.federation.core.sts.registry.AbstractJPARegistry
getEntityManagerFactory
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JPABasedRevocationRegistry

public JPABasedRevocationRegistry()

Creates an instance of JPABasedRevocationRegistry that uses the default picketlink-sts JPA configuration to persist the ids of the canceled security tokens.


JPABasedRevocationRegistry

public JPABasedRevocationRegistry(String configuration)

Creates an instance of JPABasedRevocationRegistry that uses the specified JPA configuration to persist the ids of the canceled security tokens.

Parameters:
configuration - a String representing the JPA configuration name to be used.

Method Detail

isRevoked

public boolean isRevoked(String tokenType,
                         String id)
Description copied from interface: RevocationRegistry

Indicates whether the token with the specified id has been revoked or not.

Specified by:
isRevoked in interface RevocationRegistry
Parameters:
tokenType - a String representing the token type.
id - a String representing the token id.
Returns:
true if the specified id has been revoked; false otherwise.

revokeToken

public void revokeToken(String tokenType,
                        String id)
Description copied from interface: RevocationRegistry

Adds the specified id to the revocation registry. The security token type can be used to distinguish tokens that may have the same id but that are of different types.

Specified by:
revokeToken in interface RevocationRegistry
Parameters:
tokenType - a String representing the security token type.
id - the id to be registered.
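
A fail-closed check built on the behavior described in the NOTE above (a JPA query on every isRevoked call, with writes visible across nodes), as an added example that is not part of the PicketLink documentation or code base. The RevocationGate class, the token id, and the presence of a picketlink-sts persistence unit backed by a shared database are assumptions; the token type is the SAML 2.0 token-type URI, used here as a sample value.

```java
import org.picketlink.identity.federation.core.sts.registry.JPABasedRevocationRegistry;
import org.picketlink.identity.federation.core.sts.registry.RevocationRegistry;

/** Added example (hypothetical class): fail-closed revocation check in front of a RevocationRegistry. */
public class RevocationGate {

    private final RevocationRegistry registry;

    public RevocationGate(RevocationRegistry registry) {
        this.registry = registry;
    }

    /**
     * Returns true only when the registry positively answers "not revoked".
     * isRevoked runs a JPA query on every call and declares no checked
     * exceptions, so a failed query can only reach the caller as an unchecked
     * exception. Treat that as "revoked" instead of accepting the token.
     */
    public boolean isUsable(String tokenType, String id) {
        if (tokenType == null || id == null) {
            return false;
        }
        try {
            return !registry.isRevoked(tokenType, id);
        } catch (RuntimeException e) {
            return false; // fail closed: validity could not be confirmed
        }
    }

    public static void main(String[] args) {
        // Sample values constructed for this example.
        String tokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        String tokenId = "ID_example-0001";

        // Two instances stand in for two cluster nodes that share one database.
        // Assumption: a persistence unit named picketlink-sts is on the classpath.
        RevocationRegistry nodeA = new JPABasedRevocationRegistry();
        RevocationRegistry nodeB = new JPABasedRevocationRegistry("picketlink-sts");
        RevocationGate gateOnB = new RevocationGate(nodeB);

        System.out.println("usable before revocation: " + gateOnB.isUsable(tokenType, tokenId));
        nodeA.revokeToken(tokenType, tokenId);
        // Node B keeps no token-id cache, so its next query goes back to the shared table.
        System.out.println("usable after revocation:  " + gateOnB.isUsable(tokenType, tokenId));
    }
}
```

Both arguments are passed on every call because the token type distinguishes tokens that share an id, as the revokeToken description states.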

Copyright © 2013 JBoss by Red Hat. All Rights Reserved.