...
As a result, this topic is heavy on examples, and going beyond the examples is more a case of reading javadocs and finding the right settings than reading some documentation to magically impart the right answer.
General Configuration
A set of Spring factory beans are provided that understand how to build an HttpClient instance with a variety of features and settings. For technical reasons the basic caching behavior of the client is determined by selecting from among three different factory bean types:
net.shibboleth.idp.profile.spring.relyingparty.metadata.HttpClientFactoryBean
net.shibboleth.idp.profile.spring.relyingparty.metadata.FileCachingHttpClientFactoryBean
net.shibboleth.idp.profile.spring.relyingparty.metadata.InMemoryCachingHttpClientFactoryBeanNon-Caching
File-based Caching
In-memory Caching
As you would expect, the first provides no explicit caching of results, the second caches results on disk (but not across restarts of the software), and the third caches results in memory. This is HTTP caching; that is, it relies on signaling between the client and web server to detect when to reuse results and supports conditional GET requests with cache control headers to redirect requests into the cache. Essentially they act much like a browser would.
...
This parent bean is available to assist in defining custom HttpClient beans for use with various components:
Note |
---|
These two additional parent beans are replacements for the caching clients: We Again, we don’t advise using the caching variants in most cases, as they do not behave in the ways most people have tended to expect, and the dominant use cases for these clients is not with larger documents that benefit from this caching. Metadata resolvers, for example, do not rely on these beans at all because the caching is tailored to those use cases and implemented directly. |
...
Expand | |||||||
---|---|---|---|---|---|---|---|
| |||||||
There is now official support for Basic Authentication using our APIs. Other HTTP authentication mechanisms may work but likely require interacting with lower-level HttpClient library objects. The supported API for this involves injecting a map keyed by HttpHost objects whose value is the username and password to use. This API supports pre-emptive authentication; that is, the code will offer the credentials automatically when contacting the specified host and will not wait for a challenge from the server to do so. It should therefore be used only with TLS-protected hosts with appropriate verification, as described earlier. We have defined a pair of parent beans to abstract some of the classes needed to define the map:
The map must be injected into the HttpClientSecurityParameters bean via the Example of Basic Authentication along with TLS Verification
Since the map discriminates the credentials by host, it’s safe to define all your various credentials in one map and use it wherever needed. |
Expand | |||||
---|---|---|---|---|---|
| |||||
The HTTPClientBuilder object that is the base for the HTTPClient beans has properties for HTTP proxy settings:
|
Reference
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
These properties are used in a set of DEPRECATED parent beans that are no longer supported due to a Spring bug that can impact the reloading of service configurations. They remain present for compatibility and for convenience should you choose to use them in your own bean definitions
|
Expand | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||
|
...