org.forgerock.openig.openam

Class AmServiceHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.openam.AmServiceHeaplet

All Implemented Interfaces:

Heaplet

public class AmServiceHeaplet
extends GenericHeaplet

This heaplet represents an instance of an AmService that can shared amongst AM related filters such as the SingleSignOnFilter and the PolicyEnforcementFilter.

  {
    "type": "AmService",
    "config": {
        "url"             :    expression         [REQUIRED - configuration time expression that represents the URI
                                                              of the AM Server, for example:
                                                              {@literal https://am.example.com/sso}]
        "amHandler"       :    expression         [OPTIONAL - by default, uses the 'ForgeRockClientHandler'
                                                              provided in heap.]
        "realm"           :    expression         [OPTIONAL - configuration time expression, default is
                                                              {@link Realm#ROOT_REALM}]
        "ssoTokenHeader"  :    expression         [OPTIONAL - configuration time expression, default is
                                                              {@link AmService#DEFAULT_COOKIE_NAME}]
        "version"         :    expression         [OPTIONAL - configuration time expression, defaults to
                                                              {@link AmService#DEFAULT_AM_VERSION}]
        "agent"           :    object             [REQUIRED - Define agent credentials for notifications]
        {
            "username"        :    expression              [REQUIRED - Name of the java Agent to secure communications
                                                                       with AM.]
            "passwordSecretId":    expression              [REQUIRED - the secretId to use for the agent password.*]
        }
        "sessionCache"    :    object             [OPTIONAL - By default the session cache is disabled.]
        {
            "enabled" :              expression(boolean)   [OPTIONAL - Allow to disable the cache while still keeping
                                                                       the configuration for later use. Default is
                                                                       false.]
            "maximumSize" :          expression(long)      [OPTIONAL - Sets the maximum size of the session cache.]
            "maximumTimeToCache" :   expression(long)      [OPTIONAL - Sets the maximum time to cache a session.]
            "onNotificationDisconnection":  enum           [OPTIONAL - What to do if AM goes offline:
                                                                       NEVER_CLEAR, CLEAR_ON_DISCONNECT,
                                                                       CLEAR_ON_RECONNECT.
                                                                       Default is: CLEAR_ON_DISCONNECT.]
            "executor" :             executor              [OPTIONAL - By default, {@link ForkJoinPool#commonPool()}
                                                                       is used.]
        }
        "notifications"   :    object             [OPTIONAL - Enable/Disable notification service.]
        {
            "enabled"          :    expression(boolean)    [OPTIONAL - Allow to disable notification service.
                                                                       Default is true.]
            "reconnectDelay"   :    expression(duration)   [OPTIONAL - Time to wait in between reconnection tentatives
                                                                       Default to 5 seconds]
            "tls"              :    object                 [OPTIONAL - Configure TLS connection settings
            {                                                          Every setting defaults to default option value
                                                                       from HttpClientHandler.*_OPTION ]
                "sslContextAlgorithm"    : expression(string)
                "sslEnabledProtocols"    : [ expression(string) ]
                "sslCipherSuites"        : [ expression(string) ]
                "keyManager"             : keymanager or [ keymanager ]
                "trustManager"           : trustmanager or [ trustmanager ]
            }
        }
    }
  }
  
 

The sessionCache's entry default expiry policy is based on the "maxSessionExpirationTime" field located in the SessionInfo object stored.

• The agent password password is deprecated since version 6.5 in favor of the usage of the passwordSecretId using the Common Secrets API.
• Note that if both password and passwordSecretId are provided, the passwordSecretId has precedence.

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor and Description
AmServiceHeaplet()

Method Summary

Modifier and Type	Method and Description
Object	create() Called to request the heaplet create an object.
void	destroy() Called to indicate that the object created by the heaplet is going to be dereferenced.
void	start() Called to request the heaplet start an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AmServiceHeaplet

public AmServiceHeaplet()

Method Detail

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

start

public void start()
           throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet start an object. Called by Heaplet.create(Name, JsonValue, Heap) after creating and configuring the object and once the object's logger and storage have been configured. Implementations should override this method if they need to acquire resources, start threads, or log any initialization messages.

Overrides:

start in class GenericHeaplet

Throws:

HeapException - if an exception occurred while starting the heap object or any of its dependencies.

destroy

public void destroy()

Description copied from interface: Heaplet

Called to indicate that the object created by the heaplet is going to be dereferenced. This gives the heaplet an opportunity to free any resources that are being held prior to its dereference.

Specified by:

destroy in interface Heaplet

Overrides:

destroy in class GenericHeaplet