...
| Note |
|---|
Caching BehaviorThe built-in caching support (if enabled) keys the cached data for a GET request by the fully populated template URL generated, typically including information about the subject in the URL. For POST requests, you may provide a template for producing an appropriate cache key, or omit it to disable caching. Customized implementations of the ExecutableSearchBuilder<HTTPSearch> interface MUST implement appropriate cache key semantics, particularly if they inherit from that base class. |
...
| Expand |
|---|
| title | HTTP connector for a JSON-based web service |
|---|
|
| Code Block |
|---|
| <DataConnector id="myHTTP" xsi:type="HTTP"
httpClientRef="WebServiceHttpClient"
httpClientSecurityParametersRef="ExampleOrgWSSecurity">
<URLTemplate>
<![CDATA[
https://webservice.example.org/api/subject/$pathEscaper.escape($resolutionContext.principal)/groups
]]>
</URLTemplate>
<ResponseMapping>
<Script>
<![CDATA[
var HashSetArrayList = Java.type("java.util.HashSetArrayList");
var HttpClientSupport = Java.type("net.shibboleth.utilitiesshared.java.support.httpclient.HttpClientSupport");
var IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
var StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
// Limits length to 64k
var body = HttpClientSupport.toString(response.getEntity(), "UTF-8", 65536);
var result = JSON.parse(body);
var attr = new IdPAttribute("group");
var values = new HashSetArrayLit();
if (result.groups != null) {
for (var i=0; i<result.groups.length; i++) {
values.add(new StringAttributeValue(result.groups[i].name));
}
}
attr.setValues(values);
connectorResults.add(attr);
]]>
</Script>
</ResponseMapping>
<ResultCache expireAfterWrite="PT5M"/>
</DataConnector> |
|
...
| Expand |
|---|
| title | Specific XML Attributes |
|---|
|
The following attributes may be specified (the only required attribute is httpClientRef). Name | Type | Default | Description |
|---|
httpClientRef | Bean ID | | Bean ID of the HttpClient instance to use | httpClientSecurityParametersRef | Bean ID | | Bean ID of the HttpClientSecurityParameters instance to use , (ignored in 5.0 if one of the security shortcut settings are used) | serverCertificate | Resource path | | Path of resource containing a server certificate whose public key must match the server's. If set in 5.0, httpClientSecurityParametersRef is ignored, in 5.1 it will be merged into the supplied bean. | certificateAuthority | Resource path | | Path of resource containing a certificate authority used to validate the server's certificate. If set in 5.0, httpClientSecurityParametersRef is ignored, in 5.1 it will be merged into the supplied bean. | clientPrivateKey | Resource path | | Path of resource containing a private key used to authenticate the client to the server via TLS. If set in 5.0, httpClientSecurityParametersRef is ignored, in 5.1 it will be merged into the supplied bean. | clientCertificate | Resource path |
| Path of resource containing a certificate used to authenticate the client to the server via TLS. If set in 5.0, httpClientSecurityParametersRef is ignored, in 5.1 it will be merged into the supplied bean. | maxLength | Long | 0 | Limits size of response body to accept, or 0 for no limit. When used, only non-chunked responses that include a content length will be accepted. | acceptStatuses | Collection<Integer> | 200 | Acceptable HTTP status codes | acceptTypes | Collection<String> | | Acceptable MIME content types | headerMapRef | Map<String,String> | | Bean ID of a map of custom header names and values to set in the HTTP request | mappingStrategyRef | Bean ID | | Bean ID of a HTTPResponseMappingStrategy to process the result set in a pluggable way | validatorRef | Bean ID | | Bean ID of a Validator to control what constitutes an initialization failure (the default does no validation) | executableSearchBuilderRef | Bean ID | | Bean ID of an ExecutableSearchBuilder<HTTPSearch> to produce the request to execute | templateEngine | Bean ID | | Bean ID of a org.apache.velocity.app.VelocityEngine to use for processing the URL template, generally unnecessary | failFast | Boolean | false | Whether a failure when verifying the connection during startup is fatal (stops the Attribute filter service from starting). |
|
| Expand |
|---|
| title | Specific XML Elements |
|---|
|
Name | Cardinality | Description |
|---|
<URLTemplate> | 0 or 1 | Template of a URL to execute via HTTP GET or POST | <BodyTemplate> | 0 or 1 | Template for a request body to submit via HTTP POST, requires use of <URLTemplate> | <CacheKeyTemplate> | 0 or 1 | Template to produce a cache key to associate with the result of an HTTP POST, requires use of <BodyTemplate> | <ResponseMapping> | 0 or 1 | Inline or external script to execute to process the response body | <ResultCache> | 0 or 1 | Defines how results should be cached. | <ResultCacheBean> | Bean ID (in the element content) defining how results should be cached as an externally defined com.google.common.cache.Cache<String,Map<String,IdPAttribute>> |
|
| Expand |
|---|
| title | Common XML Attributes |
|---|
|
| Include Page |
|---|
| DataConnectorCommonAttributes |
|---|
| DataConnectorCommonAttributes |
|---|
|
|
...
| Expand |
|---|
|
| Include Page |
|---|
| VelocityTemplateProperties |
|---|
| VelocityTemplateProperties |
|---|
|
|
Spring Configuration
| Note |
|---|
The springResource or springResourceRef attributes are DEPRECATED in V4.3 and will not work in V5 |
If the springResource or springResourceRef attributes are specified, then the configuration of the data connector bean is delegated to the supplied resources. The system will create a factory for an HTTPDataConnector object, and look for beans in the Spring resource(s) supplied that match the types of properties supported by that type and its parent classes. Note that since these are not public, but implementation classes, they are subject to change, which creates some risk during non-patch upgrades, so you must take additional precautions to use this feature.
In practice, the HTTP Data Connector may be supplied with beans of the following types:
In addition native bean Native bean IDs can be injected as follows:
The HttpClient instance and its security settings are injected via the httpClientRef and httpClientSecurityParametersRef attributes.
The builder for the request can be specified as an externally defined bean via the executableSearchBuilderRef attribute (as a replacement for the <URLTemplate> element and related elements). This allows for complete generality of the request-building process.
The processing of the response can be specified with an externally defined bean via the mappingStrategyRef attribute (as a replacement for the <ResponseMapping> element).
The caching of results can be specified as an externally defined bean via the <ResultCacheBean> element (as a replacement for the <ResultCache> element).
A Validator can be specifier as as an externally defined bean via the validatorRef attribute.
...
Rarely, a non-default Velocity engine can be injected via the templateEngine attribute.