public class JPABasedRevocationRegistry extends AbstractJPARegistry implements RevocationRegistry

JPABasedRevocationRegistry is a revocation registry implementation that uses JPA to store the ids of the revoked (canceled) security tokens in a database. By default, the JPA configuration has the name picketlink-sts, but a different configuration name can be specified through the constructor that takes a String as a parameter.

NOTE: this implementation doesn't keep any cache of the security token ids. It performs a JPA query every time the isRevoked(String tokenType, String id) method is called. Many JPA providers have internal caching mechanisms that can keep the data in the cache synchronized with the database and avoid unnecessary trips to the database. This makes this registry a good choice for clustered environments, as any changes to the revocation table made by a node will be visible to the other nodes.
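
The clustering point in the note above, as an added example that is not PicketLink code: the interface mirrors the two method signatures documented on this page, while the shared in-memory set (standing in for the revocation table), both registry classes, and the token type and id values are constructed stand-ins.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration with stand-in classes; none of this is PicketLink code.
public class RevocationVisibilityDemo {
    // Mirrors the two method signatures documented on this page.
    interface RevocationRegistry {
        boolean isRevoked(String tokenType, String id);
        void revokeToken(String tokenType, String id);
    }
    // Assumption: one revocation table shared by every node, modelled as a set of (type, id) pairs.
    static final Set<List<String>> SHARED_TABLE = ConcurrentHashMap.newKeySet();
    // Looks up the shared table on every call, like the registry described above.
    static class UncachedRegistry implements RevocationRegistry {
        public boolean isRevoked(String tokenType, String id) {
            return SHARED_TABLE.contains(List.of(tokenType, id));
        }
        public void revokeToken(String tokenType, String id) {
            SHARED_TABLE.add(List.of(tokenType, id));
        }
    }

    // Counter-example: remembers earlier answers per node, so it misses later revocations.
    static class LocallyCachedRegistry extends UncachedRegistry {
        private final Map<List<String>, Boolean> seen = new ConcurrentHashMap<>();
        @Override public boolean isRevoked(String tokenType, String id) {
            return seen.computeIfAbsent(List.of(tokenType, id), SHARED_TABLE::contains);
        }
    }
    static void expect(boolean condition, String what) {
        if (!condition) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        String typeA = "urn:example:type-a", typeB = "urn:example:type-b"; // constructed values
        String id = "ID_constructed-0001";
        RevocationRegistry nodeA = new UncachedRegistry(), nodeB = new UncachedRegistry();
        RevocationRegistry cachedNode = new LocallyCachedRegistry();
        expect(!nodeB.isRevoked(typeA, id) && !cachedNode.isRevoked(typeA, id), "token starts valid on all nodes");
        nodeA.revokeToken(typeA, id); // revocation happens on node A only
        expect(nodeB.isRevoked(typeA, id), "uncached node B sees node A's revocation");
        expect(!cachedNode.isRevoked(typeA, id), "node with a naive local cache still accepts the revoked token");
        expect(!nodeB.isRevoked(typeB, id), "same id under a different token type is not revoked");
    }
}
```

The locally cached variant shows why an application-level cache layered in front of the registry would undo the cluster-wide visibility the note describes.
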
logger

Constructor and Description |
---|
JPABasedRevocationRegistry(): Creates an instance of JPABasedRevocationRegistry that uses the default picketlink-sts JPA configuration to persist the ids of the canceled security tokens. |
JPABasedRevocationRegistry(String configuration): Creates an instance of JPABasedRevocationRegistry that uses the specified JPA configuration to persist the ids of the canceled security tokens. |

Modifier and Type | Method and Description |
---|---|
boolean | isRevoked(String tokenType, String id): Indicates whether the token with the specified id has been revoked or not. |
void | revokeToken(String tokenType, String id): Adds the specified id to the revocation registry. |

getEntityManagerFactory

public JPABasedRevocationRegistry()
Creates an instance of JPABasedRevocationRegistry that uses the default picketlink-sts JPA configuration to persist the ids of the canceled security tokens.

public JPABasedRevocationRegistry(String configuration)
Creates an instance of JPABasedRevocationRegistry that uses the specified JPA configuration to persist the ids of the canceled security tokens.
configuration - a String representing the JPA configuration name to be used.

public boolean isRevoked(String tokenType, String id)
Indicates whether the token with the specified id has been revoked or not.
isRevoked in interface RevocationRegistry
tokenType - a String representing the token type.
id - a String representing the token id.
true if the specified id has been revoked; false otherwise.

public void revokeToken(String tokenType, String id)
Adds the specified id to the revocation registry. The security token type can be used to distinguish tokens that may have the same id but that are of different types.
revokeToken in interface RevocationRegistry
tokenType - a String representing the security token type.
id - the id to be registered.

Copyright © 2016 JBoss by Red Hat. All rights reserved.