The Shibboleth IdP V4 software will leave support on September 1, 2024.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

The HTTP resource and the related File Backed HTTP Resource allow configuration to be retrieved from an web server. In contrast to the Spring UrlResource, significant control of the underlying Apache HttpClient library is available, such as:

  • Connection timeouts and other connection-related configuration.
  • Proxy information
  • Security and certificate information.
  • In-memory or file backed caching. This caching is at the HTTP client level and allows a reduction of the HTTP traffic since data is only loaded when it has gone out of date. However, these caches do not survive the lifetime of the HttpClient, and so are not available across IdP restarts, so they are generally not of a lot of value.

For details on advanced usage, refer to the HttpClientConfiguration topic.

Configuring the HTTP Resource

The HTTP Resource is configured entirely via its constructor.  The two parameters are the URL and an Apache HttpClient. Some built-in beans are provided to simplify use of the HttpClient, configured via properties detailed in the HttpClientConfiguration topic.

FileBackedHTTPResource provides file backup for when the web server is unavailable, including across restarts. Note that this use case is orthogonal to the use of a file-backed HttpClient cache, which provides a local copy of valid cached data even when the web server can be contacted.

Simple Examples

The following simple examples rely on the default security behavior of the HttpClient. Use of TLS, and more explicit security configuration, is recommended, and examples of that can be found on the HttpClientConfiguration page.

The first example is the simplest case, with a standard client and some timeout settings.

<bean id="MyHTTPClient" class="shibboleth.HttpClientFactory"
	p:connectionTimeout="PT30S"
	p:connectionRequestTimeout="PT30S"
	p:socketTimeout="PT30S" />

<bean id="MyResource" class="net.shibboleth.ext.spring.resource.HTTPResource"
	c:client-ref="MyHTTPClient"  
	c:url="http://example.org/path/to/file.xml" />

The second example demonstrates a resource which will be supplied from an on disk cache (suitable for multiple or large files) for as long as the file on the webserver does not change.  If the webserver becomes unavailable the last used contents of the file will be returned (even if that was in a previous IdP lifetime).

<bean id="MyHTTPClient" class="shibboleth.FileCachingHttpClientFactory"
	p:connectionTimeout="PT30S"
	p:connectionRequestTimeout="PT30S"
	p:socketTimeout="PT30S"
	p:cacheDirectory="%{idp.home}/configcache" />

<bean id="fileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
	c:client-ref="MyHTTPClient"
	c:url="http://example.org/path/to/file.xml" 
	c:backingFile="/var/shibboleth/caches/resourcecache/file.xml"/>
  • No labels