Package org.forgerock.openig.openam
Class AmServiceHeaplet
- java.lang.Object
  - org.forgerock.openig.heap.GenericHeaplet
    - org.forgerock.openig.openam.AmServiceHeaplet
- All Implemented Interfaces: Heaplet
public class AmServiceHeaplet extends GenericHeaplet
This heaplet represents an instance of an AmService that can be shared amongst AM related filters such as the SingleSignOnFilter and the PolicyEnforcementFilter.

{
    "type": "AmService",
    "config": {
        "url" : expression [REQUIRED - configuration time expression that represents the URI of the AM Server, for example: https://am.example.com/sso]
        "amHandler" : expression [OPTIONAL - by default, uses the 'ForgeRockClientHandler' provided in heap.]
        "realm" : expression [OPTIONAL - configuration time expression, default is Realm#ROOT_REALM]
        "ssoTokenHeader" : expression [OPTIONAL - configuration time expression, default is to query AM if this setting is not provided.]
        "version" : expression [OPTIONAL - configuration time expression, defaults to AmService#DEFAULT_AM_VERSION]
        "agent" : object [REQUIRED - Define agent credentials for notifications]
        {
            "username" : expression [REQUIRED - The IG Agent ID to use when authenticating with AM.]
            "passwordSecretId" : expression [REQUIRED - the secretId to use for the agent password.]
        }
        "sessionProperties" : string list [OPTIONAL - The list of user's session properties to request from AM. These are later transformed into a form that selects them as properties from all the available session attributes. Default is to retrieve all available session properties.]
        "sessionCache" : object [OPTIONAL - By default the session cache is disabled.]
        {
            "enabled" : expression(boolean) [OPTIONAL - Allow to disable the cache while still keeping the configuration for later use. Default is false.]
            "maximumSize" : expression(long) [OPTIONAL - Sets the maximum size of the session cache.]
            "maximumTimeToCache" : expression(long) [OPTIONAL - Sets the maximum time to cache a session.]
            "onNotificationDisconnection" : enum [OPTIONAL - What to do if AM goes offline: NEVER_CLEAR, CLEAR_ON_DISCONNECT, CLEAR_ON_RECONNECT. Default is: CLEAR_ON_DISCONNECT.]
            "executor" : executor [OPTIONAL - By default, ForkJoinPool#commonPool() is used.]
        }
        "sessionIdleRefresh" : object [OPTIONAL - Enable/Disable session idle refresh functionality.]
        {
            "enabled" : expression(boolean) [OPTIONAL - Allow to enable session idle refresh function. Default is false]
            "interval" : expression(duration) [OPTIONAL - Wait at least this long in between making session idle refresh requests. Default to 5 minutes]
        }
        "notifications" : object [OPTIONAL - Enable/Disable notification service.]
        {
            "enabled" : expression(boolean) [OPTIONAL - Allow to disable notification service. Default is true.]
            "initialConnectionAttempts" : expression(number) [OPTIONAL - The maximum number of times IG attempts to open a WebSocket connection before failing to deploy a route. Default to 5. (-1 for no limit).]
            "reconnectDelay" : expression(duration) [OPTIONAL - Time to wait in between reconnection attempts. Default to 5 seconds]
            "renewalDelay" : expression(duration) [OPTIONAL - Time to wait between preventive connection renewal. Can be disabled with '0' or 'unlimited'. Default 50 minutes to prevent ID Cloud connection killing every hour]
            "heartbeatInterval" : expression(duration) [OPTIONAL - Time to wait in between heartbeats. Can be disabled with '0' or 'unlimited'. Default to 1 minute]
            "connectionTimeout" : expression(duration) [OPTIONAL - Time to wait for before failing a connection attempt. Default to 60 seconds]
            "idleTimeout" : expression(duration) [OPTIONAL - Time to wait without activity before closing the connection. Default to unlimited]
            "tls" : object [OPTIONAL - Configure TLS connection settings. Every setting defaults to default option value from HttpClientHandler.*_OPTION]
            {
                "sslContextAlgorithm" : expression(string)
                "sslEnabledProtocols" : [ expression(string) ]
                "sslCipherSuites" : [ expression(string) ]
                "keyManager" : keymanager or [ keymanager ]
                "trustManager" : trustmanager or [ trustmanager ]
            },
            "proxyOptions" : ProxyOptions [OPTIONAL - Configure WebSocket proxy options. Default to the global ProxyOptions from the heap]
            "vertx" : expression(object) [OPTIONAL - The vertx configuration to pass to the underlying Vert.x Websocket client.]
        }
    }
}
SessionInfo object stored.
- The agent password "password" is deprecated since version 6.5 in favor of the usage of the "passwordSecretId" using the Common Secrets API.
- Note that if both password and passwordSecretId are provided, the passwordSecretId has precedence.
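
An added example, not part of the ForgeRock documentation or code: a small Python audit that checks a literal AmService heap object against the settings documented above. The two sample objects are constructed, the finding codes and the legacy-protocol list are this example's own policy choices, and values supplied as runtime expressions are compared as plain strings.

```python
# Constructed sample heap objects; names and values are illustrative only.
WEAK = {"type": "AmService", "config": {
    "url": "http://am.example.com/sso",
    "agent": {"username": "ig_agent", "password": "constructed-value"},
    "sessionCache": {"enabled": True, "onNotificationDisconnection": "NEVER_CLEAR"},
    "notifications": {"tls": {"sslEnabledProtocols": ["TLSv1", "TLSv1.2"]}}}}

HARDENED = {"type": "AmService", "config": {
    "url": "https://am.example.com/sso",
    "agent": {"username": "ig_agent", "passwordSecretId": "agent.secret.id"},
    "sessionCache": {"enabled": True, "onNotificationDisconnection": "CLEAR_ON_DISCONNECT"},
    "notifications": {"enabled": True,
                      "tls": {"sslEnabledProtocols": ["TLSv1.2", "TLSv1.3"]}}}}

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # policy choice of this example


def audit_am_service(obj):
    """Return a sorted list of finding codes for one AmService heap object."""
    cfg = obj.get("config", {})
    agent = cfg.get("agent", {})
    cache = cfg.get("sessionCache", {})
    notif = cfg.get("notifications", {})
    findings = set()
    # Agent credentials travel to AM over this URL, so require TLS.
    if not str(cfg.get("url", "")).lower().startswith("https://"):
        findings.add("url-not-https")
    # "password" is deprecated since 6.5; "passwordSecretId" is the required key.
    if "password" in agent:
        findings.add("deprecated-agent-password")
    if "passwordSecretId" not in agent:
        findings.add("missing-passwordSecretId")
    if cache.get("enabled", False) is True:  # documented default: false
        policy = cache.get("onNotificationDisconnection", "CLEAR_ON_DISCONNECT")
        if policy == "NEVER_CLEAR":
            findings.add("cache-never-cleared-when-am-offline")
        if notif.get("enabled", True) is False:  # documented default: true
            findings.add("cache-without-notifications")
    protocols = set(notif.get("tls", {}).get("sslEnabledProtocols", []))
    if protocols & LEGACY_PROTOCOLS:
        findings.add("legacy-tls-protocol")
    return sorted(findings)


if __name__ == "__main__":
    for name, heap_object in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_am_service(heap_object))
```
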

Constructor Summary
- AmServiceHeaplet()

Method Summary
- Object create(): Called to request the heaplet create an object.
- void destroy(): Called to indicate that the object created by the heaplet is going to be dereferenced.
- void start(): Called to request the heaplet start an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getSecretsProvider, getType, initialBindings, meterRegistryHolder

Method Detail

create
public Object create() throws HeapException
Description copied from class: GenericHeaplet
Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
- Specified by: create in class GenericHeaplet
- Returns: The created object.
- Throws: HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

start
public void start() throws HeapException
Description copied from class: GenericHeaplet
Called to request the heaplet start an object. Called by Heaplet.create(Name, JsonValue, Heap) after creating and configuring the object and once the object's logger and storage have been configured. Implementations should override this method if they need to acquire resources, start threads, or log any initialization messages.
- Overrides: start in class GenericHeaplet
- Throws: HeapException - if an exception occurred while starting the heap object or any of its dependencies.

destroy
public void destroy()
Description copied from interface: Heaplet
Called to indicate that the object created by the heaplet is going to be dereferenced. This gives the heaplet an opportunity to free any resources that are being held prior to its dereference.
- Specified by: destroy in interface Heaplet
- Overrides: destroy in class GenericHeaplet