SIDP-428: Address lifecycle issues around use of MetadataCredentialResolverFactory
authorputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 25 Oct 2010 22:42:07 +0000 (22:42 +0000)
committerputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 25 Oct 2010 22:42:07 +0000 (22:42 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2960 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java

index 389d612..c5deeec 100644 (file)
@@ -1,6 +1,7 @@
 Changes in Release 2.2.1
 =============================================
 [SIDP-421] - Error logging SOAP queries
+[SIDP-428] - Address lifecycle issues around use of MetadataCredentialResolverFactory
 
 Changes in Release 2.2.0
 =============================================
index f0783fb..425363b 100644 (file)
@@ -91,6 +91,9 @@ public abstract class AbstractSAMLProfileHandler extends
 
     /** Resolver used to determine active security policy for an incoming request. */
     private SecurityPolicyResolver securityPolicyResolver;
+    
+    /** Credential resolver for resolving keys from metadata. */
+    private MetadataCredentialResolver metadataCredentialResolver;
 
     /** Constructor. */
     protected AbstractSAMLProfileHandler() {
@@ -184,9 +187,16 @@ public abstract class AbstractSAMLProfileHandler extends
      * @return the metadata credential resolver or null
      */
     public MetadataCredentialResolver getMetadataCredentialResolver() {
-        MetadataCredentialResolverFactory mcrFactory = MetadataCredentialResolverFactory.getFactory();
-        MetadataProvider metadataProvider = getMetadataProvider();
-        return mcrFactory.getInstance(metadataProvider);
+        // It's advisable to cache the metadata cred resolver instance from the factory
+        // for the life of the profile handler.  See SIDP-428.
+        synchronized(this) {
+            if (metadataCredentialResolver == null) {
+                MetadataCredentialResolverFactory mcrFactory = MetadataCredentialResolverFactory.getFactory();
+                MetadataProvider metadataProvider = getMetadataProvider();
+                metadataCredentialResolver = mcrFactory.getInstance(metadataProvider);
+            }
+        }
+        return metadataCredentialResolver;
     }
 
     /**