ReloadableServices
File(s): conf/services.xml, conf/services.properties
Format: Native Spring
Overview
The services.xml file is used to specify many of the other configuration files (or more generally, Spring Resources) to load to configure various important services within the IdP. The services.properties file provides a less granular way to identify the Spring beans containing the lists of resources, and also controls the dynamic reloading behavior of those services.
You might modify these files to:
change the resources used, or more commonly add additional resources to supplement built-in defaults
configure more specialized approaches such as remote HTTP resources (though there are limited security controls available for this)
control how often to check for changes and reload configurations, if at all
The services.xml file contains a series of "list" beans that specify the Spring Resources to load into various services. The lists are named with specific bean IDs (see below) that direct the resources into the various services. If you wish to supply your own resource lists without modifying the delivered lists, you may control the bean IDs used by modifying services.properties.
You can use any kind of Resource supported by Spring, along with additional custom resource types provided with the IdP for handling HTTP and other custom resources.
Resources provided by the project include the HTTPResource and the RunnableFileSystemResource
Do not remove any of the beans from services.xml unless you alter a corresponding property in services.properties to direct the service to a different resource list bean, or the IdP will fail to initialize with an error referencing the missing bean.
Fail Fast
The fail-fast behavior, which can be adjusted by service to a limited degree, determines whether the IdP webapp context will initialize and serve clients if a particular service fails to initialize successfully. The point of this mechanism is to allow you to decide for yourself when problems should be discovered and how serious they should be treated. While it isn't the default, you may find it simpler when first starting out to enable fail-fast behavior globally while you work through mistakes.
Whether a given service succeeds or fails is ultimately an internal consideration, but generally we're talking about whether its configuration is valid and whether its pieces and parts themselves are considered to be successfully initialized. Often there may be individual fail-fast settings applying at the micro level that in turn dictate whether the surrounding service starts (and which then determines the overall result of the IdP startup process based on the service's fail-fast behavior). On top of that, some of the subsystems cause ripple effects when they fail that may make it impossible to really achieve non-fail-fast behavior in some cases.
There are two levels of fail-fast properties that control service behavior (and described below). A global property called idp.service.failFast can be used to toggle all services to fail-fast at once (since the default is false for most, but true for a couple). In addition, or instead, you can control the behavior of specific services with properties specific to each service. The individual properties override the global setting, so you can mix and match.
Reloading Services
In addition to the "checkInterval" properties listed below to automatically reload services, you may reload a service at any time using the reload-service command line utility and the service ID. The service IDs are shown below in the Beans table (excluding the logging service, which is "shibboleth.LoggingService").
$ ./reload-service.sh -id shibboleth.AttributeResolverService
Alternatively, you may reload services by issuing a GET request to the following URL, assuming your client has access as defined in AccessControlConfiguration.
GET http(s)://[idp-base-url]/idp/profile/admin/reload-service?id=shibboleth.LoggingService
Reference