public class DefaultCredentialsRefreshService extends Object implements CredentialsRefreshService
CredentialsRefreshService
.
This implementation keeps track of entities (typically AMQP connections) that need
to renew credentials. Token renewal is scheduled based on token expiration, using
a Function<Duration, Long> refreshDelayStrategy
. Once credentials
for a CredentialsProvider
have been renewed, the callback registered
by each entity/connection is performed. This callback typically propagates
the new credentials in the entity state, e.g. sending the new password to the
broker for AMQP connections.
Instances are preferably created with DefaultCredentialsRefreshService.DefaultCredentialsRefreshServiceBuilder
.
Modifier and Type | Class and Description |
---|---|
static class |
DefaultCredentialsRefreshService.DefaultCredentialsRefreshServiceBuilder
Builder to create instances of
DefaultCredentialsRefreshService.DefaultCredentialsRefreshServiceBuilder . |
Constructor and Description |
---|
DefaultCredentialsRefreshService(ScheduledExecutorService scheduler,
Function<Duration,Duration> refreshDelayStrategy,
Function<Duration,Boolean> approachingExpirationStrategy)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
void |
close() |
static Function<Duration,Duration> |
fixedDelayBeforeExpirationRefreshDelayStrategy(Duration duration)
Delay before refresh is
time before expiration - specified duration . |
static Function<Duration,Boolean> |
fixedTimeApproachingExpirationStrategy(Duration limitBeforeExpiration)
Advise to refresh credentials if
TTL <= limit . |
boolean |
isApproachingExpiration(Duration timeBeforeExpiration)
Provide a hint about whether credentials should be renewed now or not before attempting to connect.
|
static Function<Duration,Duration> |
ratioRefreshDelayStrategy(double ratio)
Delay before refresh is a ratio of the time before expiration.
|
String |
register(CredentialsProvider credentialsProvider,
Callable<Boolean> refreshAction)
Register a new entity that needs credentials renewal.
|
void |
unregister(CredentialsProvider credentialsProvider,
String registrationId)
Unregister the entity with the given registration ID.
|
public DefaultCredentialsRefreshService(ScheduledExecutorService scheduler, Function<Duration,Duration> refreshDelayStrategy, Function<Duration,Boolean> approachingExpirationStrategy)
DefaultCredentialsRefreshService.DefaultCredentialsRefreshServiceBuilder
to create instances.scheduler
- refreshDelayStrategy
- approachingExpirationStrategy
- public static Function<Duration,Duration> ratioRefreshDelayStrategy(double ratio)
E.g. if time before expiration is 60 minutes and specified ratio is 0.8, refresh will be scheduled in 60 x 0.8 = 48 minutes.
ratio
- public static Function<Duration,Duration> fixedDelayBeforeExpirationRefreshDelayStrategy(Duration duration)
time before expiration - specified duration
.
E.g. if time before expiration is 60 minutes and specified duration is 10 minutes, refresh will be scheduled in 60 - 10 = 50 minutes.
duration
- public static Function<Duration,Boolean> fixedTimeApproachingExpirationStrategy(Duration limitBeforeExpiration)
TTL <= limit
.limitBeforeExpiration
- public String register(CredentialsProvider credentialsProvider, Callable<Boolean> refreshAction)
CredentialsRefreshService
The registered callback must return true if the action was performed correctly, throw an exception if something goes wrong, and return false if it became stale and wants to be unregistered.
Implementations are free to automatically unregister an entity whose callback has failed a given number of times.
register
in interface CredentialsRefreshService
credentialsProvider
- the credentials providerrefreshAction
- the action to perform after credentials renewalpublic void unregister(CredentialsProvider credentialsProvider, String registrationId)
CredentialsRefreshService
Its state is cleaned up and its registered callback will not be called again.
unregister
in interface CredentialsRefreshService
credentialsProvider
- the credentials providerregistrationId
- the registration IDpublic boolean isApproachingExpiration(Duration timeBeforeExpiration)
CredentialsRefreshService
This can avoid a connection to use almost expired credentials if this connection is created just before credentials are refreshed in the background, but does not benefit from the refresh.
isApproachingExpiration
in interface CredentialsRefreshService
public void close()
Copyright © 2022 VMware, Inc. or its affiliates.. All rights reserved.