@ThreadSafe public class STSAssumeRoleSessionCredentialsProvider extends java.lang.Object implements AWSSessionCredentialsProvider
Modifier and Type | Class and Description |
---|---|
static class | STSAssumeRoleSessionCredentialsProvider.Builder - Provides a builder pattern to avoid combinatorial explosion of the number of parameters that are passed to constructors. |

Modifier and Type | Field and Description |
---|---|
static int | DEFAULT_DURATION_SECONDS - Default duration for started sessions. |
private RefreshableTask<SessionCredentialsHolder> | refreshableTask - Handles the refreshing of sessions. |
private java.util.concurrent.Callable<SessionCredentialsHolder> | refreshCallable |
private java.lang.String | roleArn - The ARN of the role to be assumed. |
private java.lang.String | roleExternalId - An external Id parameter for the assumed role session. |
private int | roleSessionDurationSeconds - The duration for assume role sessions. |
private java.lang.String | roleSessionName - An identifier for the assumed role session. |
private AWSSecurityTokenService | securityTokenService - The client for starting STS sessions. |

Modifier | Constructor and Description |
---|---|
 | STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, java.lang.String roleArn, java.lang.String roleSessionName) - Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method. |
 | STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, java.lang.String roleArn, java.lang.String roleSessionName, ClientConfiguration clientConfiguration) - Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method. |
 | STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, java.lang.String roleArn, java.lang.String roleSessionName) - Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method. |
 | STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, java.lang.String roleArn, java.lang.String roleSessionName, ClientConfiguration clientConfiguration) - Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method. |
 | STSAssumeRoleSessionCredentialsProvider(java.lang.String roleArn, java.lang.String roleSessionName) - Constructs a new STSAssumeRoleSessionCredentialsProvider, which makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method. |
private | STSAssumeRoleSessionCredentialsProvider(STSAssumeRoleSessionCredentialsProvider.Builder builder) - The following private constructor reads state from the builder and sets the appropriate parameters accordingly. When public constructors are called, this constructor is deferred to with a null value for roleExternalId and endpoint. The inner Builder class can be used to construct an object that actually has a value for roleExternalId and endpoint. |

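The public constructors leave roleExternalId null, so a cross-account role whose trust policy requires an external ID has to be configured through the inner Builder. The following is an added example, not code from the SDK documentation: the role ARN, external ID and session name are constructed placeholders, the Builder methods withExternalId and withRoleSessionDurationSeconds are assumed from the AWS SDK for Java 1.x, and the long lived credentials are assumed to come from the SDK's default provider chain.

```java
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;

public class AssumeRoleWithExternalIdExample {

    // Constructed placeholder values, not real identifiers.
    private static final String ROLE_ARN =
            "arn:aws:iam::111122223333:role/ExampleAuditRole";
    private static final String EXTERNAL_ID = "example-external-id";

    // 900 seconds is the shortest session STS will issue; a short lifetime
    // limits how long a leaked session token stays usable.
    private static final int SESSION_SECONDS = 900;

    static STSAssumeRoleSessionCredentialsProvider auditProvider(String sessionName) {
        // The session name becomes part of the assumed-role principal that
        // CloudTrail records, so reject values STS would refuse before any
        // network call is made (2-64 characters from [\w+=,.@-]).
        if (sessionName == null || !sessionName.matches("[\\w+=,.@-]{2,64}")) {
            throw new IllegalArgumentException("invalid role session name");
        }
        return new STSAssumeRoleSessionCredentialsProvider
                .Builder(ROLE_ARN, sessionName)
                .withExternalId(EXTERNAL_ID)
                .withRoleSessionDurationSeconds(SESSION_SECONDS)
                .build();
    }

    public static void main(String[] args) {
        STSAssumeRoleSessionCredentialsProvider provider =
                auditProvider("ci-job-1234");

        // getCredentials() returns the cached session and renews it in the
        // background; refresh() forces a new AssumeRole call immediately.
        AWSSessionCredentials creds = provider.getCredentials();

        // Log only the key id; never log the secret key or session token.
        System.out.println("access key id: " + creds.getAWSAccessKeyId());
        System.out.println("session token present: "
                + (creds.getSessionToken() != null));

        provider.refresh();
    }
}
```
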
Modifier and Type | Method and Description |
---|---|
private static AWSSecurityTokenService | buildStsClient(STSAssumeRoleSessionCredentialsProvider.Builder builder) - Construct a new STS client from the settings in the builder. |
private RefreshableTask<SessionCredentialsHolder> | createRefreshableTask() |
AWSSessionCredentials | getCredentials() - Returns AWSCredentials which the caller can use to authorize an AWS request. |
private SessionCredentialsHolder | newSession() - Starts a new session by sending a request to the AWS Security Token Service (STS) to assume a Role using the long lived AWS credentials. |
void | refresh() - Forces this credentials provider to refresh its credentials. |
void | setSTSClientEndpoint(java.lang.String endpoint) - Deprecated. This method may be removed in a future major version. Create multiple providers if you need to work with multiple STS endpoints. |

public static final int DEFAULT_DURATION_SECONDS
private final AWSSecurityTokenService securityTokenService
private final java.lang.String roleArn
private final java.lang.String roleSessionName
private final java.lang.String roleExternalId
private final int roleSessionDurationSeconds
private final java.util.concurrent.Callable<SessionCredentialsHolder> refreshCallable
private volatile RefreshableTask<SessionCredentialsHolder> refreshableTask

public STSAssumeRoleSessionCredentialsProvider(java.lang.String roleArn, java.lang.String roleSessionName)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
- roleArn - The ARN of the Role to be assumed.
- roleSessionName - An identifier for the assumed role session.

public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, java.lang.String roleArn, java.lang.String roleSessionName)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
- longLivedCredentials - The main AWS credentials for a user's account.
- roleArn - The ARN of the Role to be assumed.
- roleSessionName - An identifier for the assumed role session.

public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, java.lang.String roleArn, java.lang.String roleSessionName, ClientConfiguration clientConfiguration)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
- longLivedCredentials - The main AWS credentials for a user's account.
- roleArn - The ARN of the Role to be assumed.
- roleSessionName - An identifier for the assumed role session.
- clientConfiguration - Client configuration connection parameters.

public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, java.lang.String roleArn, java.lang.String roleSessionName)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
- longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
- roleArn - The ARN of the Role to be assumed.
- roleSessionName - An identifier for the assumed role session.

public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, java.lang.String roleArn, java.lang.String roleSessionName, ClientConfiguration clientConfiguration)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:
- longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
- roleArn - The ARN of the Role to be assumed.
- roleSessionName - An identifier for the assumed role session.
- clientConfiguration - Client configuration connection parameters.

private STSAssumeRoleSessionCredentialsProvider(STSAssumeRoleSessionCredentialsProvider.Builder builder)

Throws:
- java.lang.IllegalArgumentException - if both an AWSCredentials and AWSCredentialsProvider have been set on the builder

private RefreshableTask<SessionCredentialsHolder> createRefreshableTask()

private static AWSSecurityTokenService buildStsClient(STSAssumeRoleSessionCredentialsProvider.Builder builder) throws java.lang.IllegalArgumentException

Parameters:
- builder - Configured builder

Throws:
- java.lang.IllegalArgumentException - if builder configuration is inconsistent

@Deprecated public void setSTSClientEndpoint(java.lang.String endpoint)

public AWSSessionCredentials getCredentials()

Returns AWSCredentials which the caller can use to authorize an AWS request.

Specified by:
- getCredentials in interface AWSCredentialsProvider
- getCredentials in interface AWSSessionCredentialsProvider

public void refresh()

Forces this credentials provider to refresh its credentials.

Specified by:
- refresh in interface AWSCredentialsProvider

private SessionCredentialsHolder newSession()