The Shibboleth IdP V4 software will leave support on September 1, 2024.

HTTPResource

The HTTP resource and the related File Backed HTTP Resource allow configuration to be retrieved from a web server. In contrast to the Spring UrlResource, significant control of the underlying Apache HttpClient library is available, such as:

  • Connection timeouts and other connection-related configuration.

  • Proxy information

  • In-memory or file-backed caching. This caching is at the HTTP client level and reduces HTTP traffic, since data is only loaded when it has gone out of date. However, these caches do not survive the lifetime of the HttpClient, and so are not available across IdP restarts, so they are generally of limited value.

For details on some advanced usage, refer to the HttpClientConfiguration topic.

Notably, this feature does not at present support the security features that are described in that topic. This may be corrected in a future version. For the time being this feature only supports unauthenticated access to resources.

Configuring the HTTP Resource

The HTTP Resource is configured entirely via its constructor. The two parameters are the URL and an Apache HttpClient. Some built-in beans are provided to simplify use of the HttpClient, configured via properties detailed in the HttpClientConfiguration topic.

FileBackedHTTPResource provides file backup for when the web server is unavailable, including across restarts. Note that this use case is orthogonal to the use of a file-backed HttpClient cache, which provides a local copy of valid cached data even when the web server can be contacted.

Examples

The first example is the simplest case, with a standard client and some timeout settings.

<bean id="MyHTTPClient" parent="shibboleth.HttpClientFactory"
    p:connectionTimeout="PT30S"
    p:connectionRequestTimeout="PT30S"
    p:socketTimeout="PT30S" />

<bean id="MyResource" class="net.shibboleth.ext.spring.resource.HTTPResource"
    c:client-ref="MyHTTPClient"
    c:url="http://example.org/path/to/file.xml" />

The second example demonstrates a resource which will be supplied from an on-disk backup if the source becomes unavailable.

<bean id="MyHTTPClient" parent="shibboleth.HttpClientFactory"
    p:connectionTimeout="PT30S"
    p:connectionRequestTimeout="PT30S"
    p:socketTimeout="PT30S" />

<bean id="fileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
    c:client-ref="MyHTTPClient"
    c:url="http://example.org/path/to/file.xml"
    c:backingFile="/var/shibboleth/cache/resourcecache/file.xml" />

Finally, a more complex example illustrates how to integrate the security features documented in the HttpClientConfiguration topic with an HTTPResource. The example references a security object called "CustomHttpSecurity", which is not shown, but examples of creating an HttpClientSecurityParameters object are in that topic. The additional wiring is to inject the security object into the client at runtime from the resource object.

<bean id="MyHTTPClient" parent="shibboleth.HttpClientFactory"
    p:connectionTimeout="PT30S"
    p:connectionRequestTimeout="PT30S"
    p:socketTimeout="PT30S" />

<bean id="fileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
    c:client-ref="MyHTTPClient"
    c:url="http://example.org/path/to/file.xml"
    c:backingFile="/var/shibboleth/cache/resourcecache/file.xml">
    <property name="httpClientContextHandler">
        <bean class="org.opensaml.security.httpclient.HttpClientSecurityContextHandler"
            p:httpClientSecurityParameters-ref="CustomHttpSecurity" />
    </property>
</bean>
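
An added example, not part of the Shibboleth documentation or code base: a small Python audit that parses a Spring bean file and lists HTTPResource and FileBackedHTTPResource beans whose URL is not https or that lack the HttpClientSecurityContextHandler wiring shown in the last example. The SecureResource bean, the wording of the findings and the policy of flagging these two conditions are assumptions of this example; it only reads the c:url attribute form used on this page and does not resolve property placeholders.

```python
import xml.etree.ElementTree as ET

B = "{http://www.springframework.org/schema/beans}"
C = "{http://www.springframework.org/schema/c}"
P = "{http://www.springframework.org/schema/p}"
RES = "net.shibboleth.ext.spring.resource."
RESOURCES = {RES + "HTTPResource", RES + "FileBackedHTTPResource"}
HANDLER = "org.opensaml.security.httpclient.HttpClientSecurityContextHandler"

# Constructed sample: the page's first and third resource beans plus a hypothetical https one.
WIRING = (f'<property name="httpClientContextHandler"><bean class="{HANDLER}" '
          'p:httpClientSecurityParameters-ref="CustomHttpSecurity"/></property>')
SAMPLE = f"""<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:p="http://www.springframework.org/schema/p">
  <bean id="MyResource" class="{RES}HTTPResource"
      c:client-ref="MyHTTPClient" c:url="http://example.org/path/to/file.xml"/>
  <bean id="fileResource" class="{RES}FileBackedHTTPResource" c:client-ref="MyHTTPClient"
      c:url="http://example.org/path/to/file.xml"
      c:backingFile="/var/shibboleth/cache/resourcecache/file.xml">{WIRING}</bean>
  <bean id="SecureResource" class="{RES}HTTPResource"
      c:client-ref="MyHTTPClient" c:url="https://example.org/path/to/file.xml">{WIRING}</bean>
</beans>"""

def has_security_handler(bean):
    """True if the bean injects a security context handler as an inner bean."""
    inner = bean.find(f"{B}property[@name='httpClientContextHandler']/{B}bean")
    return (inner is not None and inner.get("class") == HANDLER
            and bool(inner.get(P + "httpClientSecurityParameters-ref")))

def audit_http_resources(xml_text):
    """Return {bean id: [issues]} for HTTP resource beans that need review."""
    findings = {}
    for bean in ET.fromstring(xml_text).iter(B + "bean"):
        if bean.get("class") not in RESOURCES:
            continue  # skips clients, handlers and any other bean type
        issues = []
        if not bean.get(C + "url", "").lower().startswith("https://"):
            issues.append("url is not https")
        if not has_security_handler(bean):
            issues.append("no HttpClientSecurityContextHandler")
        if issues:
            findings[bean.get("id")] = issues
    return findings

if __name__ == "__main__":
    print(audit_http_resources(SAMPLE))
```
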