Metadata refresh fails with OpenSAML 2.5.3

[MrDavePar]

Code:

28/01/2013 10:38:13 WARN [Metadata-reload] org.springframework.security.saml.metadata.MetadataManager:Metadata refreshing has failed
java.lang.UnsupportedOperationException
	at java.util.Collections$UnmodifiableCollection.clear(Collections.java:1094)
	at org.opensaml.saml2.metadata.provider.ChainingMetadataProvider.setProviders(ChainingMetadataProvider.java:104)
	at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:203)
	at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
	at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:987)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)

The above is because (at least in OpenSAML 2.5.3) ChainingMetadatProvider addMetaDataProvider adds the provider as:

providers = Collections.unmodifiableList(checkedProviders);

setProviders in ChainingMetadataProvider is getting an empty list from CachingMetadataManager line

This is because CachingMetadataManager passes in an empty list in line 203:
// Remove existing providers, they'll get repopulated
super.setProviders(Collections.<MetadataProvider>e mptyList());

I'll move back to a prior version of opensaml to see if that fixes the problem. Anyone else seeing this? Is there another solution?

[MrDavePar]

I should note this is NOT JOST-174 (https://issues.shibboleth.net/jira/browse/JOST-174) as that was a problem with opensaml. The problem above is how opensaml handles being passed in empty (or null) list as it is being called by CachingMetadataManager.

[MrDavePar]

Never mind... I think I see what's wrong. I have the 2.5.3 source, but because maven is broken (at least when called from play frameworks) for the 2.5.3 release, I was pulling in 2.5.1-1. If I can pull in 2.5.3 I think this will be resolved.