Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
...
Previous versions of the IdP marked the connections used for attribute resolution as read-only. A configuration attribute was provided to override this behavior and allow connection pools to be shared between the RDBMS Data Connector and other read-write uses. In V4, the DataConnector no longer marks the connections as read-only itself. If you want to enforce read-only behavior, you should do so via the JDBC connection URL and/or limiting the access of the service account.
Reference
Specific XML Attributes

Name | Type | Default | Description |
---|---|---|---|
noResultIsError | boolean | false | Controls whether an empty result set is an error |
failFastInitialize | boolean | false | Whether a failure when verifying the database's availability during startup is fatal (stops the Attribute Resolver service from starting) |
queryTimeout | Duration | | Timeout for the queries made against the database |
multipleResultsIsError | boolean | false | Controls whether a result set with more than one row is an error |
mappingStrategyRef | Bean ID | | Bean ID of a MappingStrategy<java.sql.ResultSet> to process the result set in a pluggable way |
validatorRef | Bean ID | | Bean ID of a Validator to control what constitutes an initialization failure (set this to "shibboleth.NonFailFastValidator" to bypass connection attempt at config load time) |
executableSearchBuilderRef | Bean ID | | Bean ID of an ExecutableSearchBuilder<ExecutableStatement> to produce the SQL query to execute |
templateEngine | Bean ID | | Bean ID of a org.apache.velocity.app.VelocityEngine to use for processing the SQL template |

Specific XML Elements

Common XML Attributes

Include Page: DataConnectorCommonAttributes

Include Page: DataConnectorCommonChildElements
...
If the springResource or springResourceRef attributes are specified, then the configuration of the DataConnector bean is delegated to the supplied resources. The system will create a factory for an RDBMSDataConnector object, and look for beans in the Spring resource(s) supplied that match the types of properties supported by that type and its parent classes.
In prior versions, most of these extension points were non-API classes and interfaces, but in V4+ they have been moved and promoted to API status.
In practice, the RDBMS Data Connector may be supplied with beans of the following types:
In addition, native bean IDs can be injected as follows:
The DataSource can be specified as an externally defined bean via the <BeanManagedConnection> element (as a recommended replacement for the <ContainerManagedConnection> element).
The builder for the SQL query can be specified as an externally defined bean via the executableSearchBuilderRef attribute (as a replacement for the <QueryTemplate> element).
The mapping of column names can be specified as an externally defined bean via the mappingStrategyRef attribute (as a replacement for the <Column> elements).
The caching of results can be specified as an externally defined bean via the <ResultCacheBean> element (as a replacement for the <ResultCache> element).
Rarely, a non-default Velocity engine can be injected via the templateEngine attribute.
...
Simple DataConnector entirely in custom syntax

    <DataConnector id="myDatabase" xsi:type="RelationalDatabase">
        <FailoverDataConnector ref="BackupDataseConnector"/>
        <SimpleManagedConnection
            jdbcDriver="org.hsqldb.jdbc.JDBCDriver" jdbcURL="jdbc:hsqldb:mem:RDBMSDataConnectorStore"
            jdbcUserName="SA" jdbcPassword="secret" />
        <QueryTemplate>
            <![CDATA[
                SELECT * FROM people WHERE userid='$resolutionContext.principal'
            ]]>
        </QueryTemplate>
        <Column columnName="homephone" attributeID="phonenumber" />
    </DataConnector>

Simple Data Connector using external bean

    <DataConnector id="myDatabase" xsi:type="RelationalDatabase" mappingStrategyRef="MappingBeanId">
        <BeanManagedConnection>DataConnectorBeanId</BeanManagedConnection>
        <QueryTemplate>
            <![CDATA[
                SELECT * FROM people WHERE userid='$resolutionContext.principal'
            ]]>
        </QueryTemplate>
        <ResultCacheBean>ResultCacheBeanId</ResultCacheBean>
    </DataConnector>

The example below demonstrates a number of approaches:
...
Example of a springResources file

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:p="http://www.springframework.org/schema/p"
           xmlns:c="http://www.springframework.org/schema/c"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

        <!-- Query builder; no id is needed because beans are matched by type. -->
        <bean class="net.shibboleth.idp.attribute.resolver.dc.rdbms.FormatExecutableStatementBuilder">
            <constructor-arg index="0" value="SELECT * FROM people WHERE userid='%s'" />
        </bean>

        <!-- Result mapping: renames the homephone column to the phonenumber attribute. -->
        <bean id="mappings" class="net.shibboleth.idp.attribute.resolver.dc.rdbms.StringResultMappingStrategy"
              p:noResultAnError="true" p:multipleResultsAnError="true">
            <property name="resultRenamingMap">
                <map>
                    <entry key="homephone" value="phonenumber" />
                </map>
            </property>
        </bean>

        <!-- The rest of these beans would be unneeded for a simple BeanManagedConnection. -->

        <!-- DBCP2's BasicDataSource names its connection properties driverClassName, url and username. -->
        <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close"
              p:driverClassName="org.mariadb.jdbc.Driver"
              p:url="jdbc:mysql://mysql.example.org:3306/shibboleth"
              p:username="admin" p:password="secret"
              p:maxTotal="20"
              p:maxIdle="5"
              p:maxWaitMillis="2000"
              p:testOnBorrow="true"
              p:validationQuery="select 1"
              p:validationQueryTimeout="5" />

        <!-- Result cache built from a Guava CacheBuilder specification string. -->
        <bean id="cacheBuilder" class="com.google.common.cache.CacheBuilder" factory-method="from">
            <constructor-arg value="expireAfterAccess=10s,maximumSize=25" />
        </bean>
        <bean id="cache" class="com.google.common.cache.Cache" factory-bean="cacheBuilder" factory-method="build" />
    </beans>

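Added example, not taken from the Shibboleth documentation: one way to apply the V4 note on read-only enforcement together with the connector attributes from the reference table. The bean ID readOnlyDataSource, the idp_resolver account and its host, the PT5S timeout value, the CHANGE_ME password placeholder and the use of DBCP2's defaultReadOnly property are assumptions chosen for illustration.

```xml
<!-- Fragment 1: attribute-resolver.xml -->
<DataConnector id="myDatabase" xsi:type="RelationalDatabase"
        noResultIsError="false"
        multipleResultsIsError="true"
        queryTimeout="PT5S">
    <!-- multipleResultsIsError: a query matching more than one row is an
         error instead of being processed as a result.
         queryTimeout: bounds each query (ISO 8601 duration assumed here). -->

    <!-- Hypothetical bean ID, defined in fragment 2. -->
    <BeanManagedConnection>readOnlyDataSource</BeanManagedConnection>

    <QueryTemplate>
        <![CDATA[
            SELECT homephone FROM people WHERE userid='$resolutionContext.principal'
        ]]>
    </QueryTemplate>
    <!-- Only the column that is actually released is selected. -->
    <Column columnName="homephone" attributeID="phonenumber" />
</DataConnector>

<!-- Fragment 2: Spring bean file, using the p: namespace as in the
     springResources example above. -->

<!-- Database side (MariaDB/MySQL syntax, constructed account and host):
       CREATE USER 'idp_resolver'@'idp.example.org' IDENTIFIED BY '...';
       GRANT SELECT ON shibboleth.people TO 'idp_resolver'@'idp.example.org';
     The grant is the enforcing control: the account can read one table
     and cannot write anywhere. -->
<bean id="readOnlyDataSource" class="org.apache.commons.dbcp2.BasicDataSource"
      destroy-method="close"
      p:driverClassName="org.mariadb.jdbc.Driver"
      p:url="jdbc:mysql://mysql.example.org:3306/shibboleth"
      p:username="idp_resolver" p:password="CHANGE_ME"
      p:defaultReadOnly="true"
      p:maxTotal="20"
      p:maxIdle="5"
      p:maxWaitMillis="2000"
      p:testOnBorrow="true"
      p:validationQuery="select 1"
      p:validationQueryTimeout="5" />
<!-- defaultReadOnly makes the pool mark each connection read-only, which
     replaces what the connector did before V4. JDBC treats the flag as a
     hint to the driver, so keep the SELECT-only grant as well. This pool
     must not be shared with read-write uses. -->
```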