public class WebIdentityFederationSessionCredentialsProvider extends java.lang.Object implements AWSSessionCredentialsProvider
Modifier and Type | Field and Description |
---|---|
static int | DEFAULT_DURATION_SECONDS - Default duration for started sessions |
static int | DEFAULT_THRESHOLD_SECONDS - Default threshold for refreshing session credentials |
private int | refreshThreshold |
private java.lang.String | roleArn |
private AWSSecurityTokenService | securityTokenService - The client for starting STS sessions |
private AWSSessionCredentials | sessionCredentials - The current session credentials |
private java.util.Date | sessionCredentialsExpiration - The expiration time for the current session credentials |
private int | sessionDuration |
private java.lang.String | subjectFromWIF |
private java.lang.String | wifProvider |
private java.lang.String | wifToken |

Constructor and Description |
---|
WebIdentityFederationSessionCredentialsProvider(java.lang.String wifToken, java.lang.String wifProvider, java.lang.String roleArn) - Constructs a new WebIdentityFederationSessionCredentialsProvider, which will use the specified 3rd-party web identity provider to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class's getCredentials() method. |
WebIdentityFederationSessionCredentialsProvider(java.lang.String wifToken, java.lang.String wifProvider, java.lang.String roleArn, AWSSecurityTokenService stsClient) - Constructs a new WebIdentityFederationSessionCredentialsProvider, which will use the specified 3rd-party web identity provider to make a request to the AWS Security Token Service (STS) using the provided client to request short lived session credentials, which will then be returned by this class's getCredentials() method. |
WebIdentityFederationSessionCredentialsProvider(java.lang.String wifToken, java.lang.String wifProvider, java.lang.String roleArn, ClientConfiguration clientConfiguration) - Constructs a new WebIdentityFederationSessionCredentialsProvider, which will use the specified 3rd-party web identity provider to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class's getCredentials() method. |

Modifier and Type | Method and Description |
---|---|
AWSSessionCredentials | getCredentials() - Returns AWSCredentials which the caller can use to authorize an AWS request. |
int | getRefreshThreshold() - Get the refresh threshold for the session credentials created by this client in seconds. |
int | getSessionDuration() - Get the duration of the session credentials created by this client in seconds. |
java.lang.String | getSubjectFromWIF() - Get the identifier returned from the Identity Provider for the authenticated user. |
private boolean | needsNewSession() - Returns true if a new STS session needs to be started. |
void | refresh() - Forces this credentials provider to refresh its credentials. |
void | setRefreshThreshold(int refreshThreshold) - Set the refresh threshold for the session credentials created by this client in seconds. |
void | setSessionDuration(int sessionDuration) - Set the duration of the session credentials created by this client in seconds. |
private void | startSession() - Starts a new session by sending a request to the AWS Security Token Service (STS) with the long lived AWS credentials. |
WebIdentityFederationSessionCredentialsProvider | withRefreshThreshold(int refreshThreshold) - Set the refresh threshold for the session credentials created by this client in seconds. |
WebIdentityFederationSessionCredentialsProvider | withSessionDuration(int sessionDuration) - Set the duration of the session credentials created by this client in seconds. |

public static final int DEFAULT_DURATION_SECONDS
public static final int DEFAULT_THRESHOLD_SECONDS
private final AWSSecurityTokenService securityTokenService
private AWSSessionCredentials sessionCredentials
private java.util.Date sessionCredentialsExpiration
private final java.lang.String wifToken
private final java.lang.String wifProvider
private final java.lang.String roleArn
private int sessionDuration
private int refreshThreshold
private java.lang.String subjectFromWIF
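
public WebIdentityFederationSessionCredentialsProvider(java.lang.String wifToken, java.lang.String wifProvider, java.lang.String roleArn)
Constructs a new WebIdentityFederationSessionCredentialsProvider, which will use the specified 3rd-party web identity provider to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class's getCredentials() method.
Parameters:
wifToken - The OAuth/OpenID token from the Identity Provider
wifProvider - The name of the Identity Provider (null for OpenID providers)
roleArn - The ARN of the IAM Role that will be assumed

public WebIdentityFederationSessionCredentialsProvider(java.lang.String wifToken, java.lang.String wifProvider, java.lang.String roleArn, ClientConfiguration clientConfiguration)
Constructs a new WebIdentityFederationSessionCredentialsProvider, which will use the specified 3rd-party web identity provider to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class's getCredentials() method.
Parameters:
wifToken - The OAuth/OpenID token from the Identity Provider
wifProvider - The name of the Identity Provider (null for OpenID providers)
roleArn - The ARN of the IAM Role that will be assumed
clientConfiguration - Configuration to apply to STS client created

public WebIdentityFederationSessionCredentialsProvider(java.lang.String wifToken, java.lang.String wifProvider, java.lang.String roleArn, AWSSecurityTokenService stsClient)
Constructs a new WebIdentityFederationSessionCredentialsProvider, which will use the specified 3rd-party web identity provider to make a request to the AWS Security Token Service (STS) using the provided client to request short lived session credentials, which will then be returned by this class's getCredentials() method.
Parameters:
wifToken - The OAuth/OpenID token from the Identity Provider
wifProvider - The name of the Identity Provider (null for OpenID providers)
roleArn - The ARN of the IAM Role that will be assumed
stsClient - Preconfigured STS client to make requests with

public AWSSessionCredentials getCredentials()
Description copied from interface: AWSCredentialsProvider
Returns AWSCredentials which the caller can use to authorize an AWS request.
Specified by:
getCredentials in interface AWSCredentialsProvider
getCredentials in interface AWSSessionCredentialsProvider

public void refresh()
Description copied from interface: AWSCredentialsProvider
Forces this credentials provider to refresh its credentials.
Specified by:
refresh in interface AWSCredentialsProvider
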
public void setSessionDuration(int sessionDuration)
Parameters:
sessionDuration - The new duration for session credentials created by this provider
See also: AssumeRoleWithWebIdentityRequest

public WebIdentityFederationSessionCredentialsProvider withSessionDuration(int sessionDuration)
Parameters:
sessionDuration - The new duration for session credentials created by this provider
See also: AssumeRoleWithWebIdentityRequest

public int getSessionDuration()
See also: AssumeRoleWithWebIdentityRequest

public void setRefreshThreshold(int refreshThreshold)
Parameters:
refreshThreshold - The new refresh threshold for session credentials created by this provider
See also: AssumeRoleWithWebIdentityRequest

public WebIdentityFederationSessionCredentialsProvider withRefreshThreshold(int refreshThreshold)
Parameters:
refreshThreshold - The new refresh threshold for session credentials created by this provider
See also: AssumeRoleWithWebIdentityRequest

public int getRefreshThreshold()
See also: AssumeRoleWithWebIdentityRequest

public java.lang.String getSubjectFromWIF()
See also: AssumeRoleWithWebIdentityResult

private void startSession()

private boolean needsNewSession()
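
The following usage sketch is an added example, not code from the SDK or its documentation. It shows the three-argument constructor with a short session duration and a refresh threshold, then reads the credentials and the federated subject. The role ARN, the WIF_TOKEN environment variable and the class name WifSessionExample are assumptions made for illustration.

```java
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.WebIdentityFederationSessionCredentialsProvider;

public class WifSessionExample {
    // Placeholder ARN (assumption): use a role whose trust policy names your identity provider.
    private static final String ROLE_ARN = "arn:aws:iam::123456789012:role/EXAMPLE-ROLE";

    public static void main(String[] args) {
        // Assumption: the application already obtained this OAuth/OpenID token from the
        // identity provider's login flow and passes it in via the environment.
        String wifToken = System.getenv("WIF_TOKEN");
        if (wifToken == null || wifToken.isEmpty()) {
            throw new IllegalStateException("WIF_TOKEN is not set");
        }

        // wifProvider is null here, which the parameter description reserves for OpenID providers.
        // wifToken is a final field with no setter, so a renewed identity-provider token
        // requires constructing a new provider instance.
        WebIdentityFederationSessionCredentialsProvider provider =
                new WebIdentityFederationSessionCredentialsProvider(wifToken, null, ROLE_ARN)
                        // 900 seconds is the shortest session STS accepts for this call;
                        // a short lifetime limits how long a leaked credential stays usable.
                        .withSessionDuration(900)
                        // Refresh threshold in seconds, chosen well below the session duration.
                        .withRefreshThreshold(120);

        // Obtain the temporary session credentials from the provider.
        AWSSessionCredentials creds = provider.getCredentials();

        // Never log the secret key or session token; the last characters of the
        // access key id are enough to correlate with audit records.
        String keyId = creds.getAWSAccessKeyId();
        String tail = keyId.substring(Math.max(0, keyId.length() - 4));
        System.out.println("Session access key id ends with: " + tail);

        // Identifier the identity provider returned for the authenticated user;
        // read after getCredentials() so that a session has been started.
        System.out.println("Federated subject: " + provider.getSubjectFromWIF());
        System.out.println("Session duration (s): " + provider.getSessionDuration());
        System.out.println("Refresh threshold (s): " + provider.getRefreshThreshold());
    }
}
```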