Interface CredentialsRefreshService

  • All Known Implementing Classes:

    public interface CredentialsRefreshService
    Provider interface to refresh credentials when appropriate and perform an operation once the credentials have been renewed. In the context of RabbitMQ, the operation consists in calling the update.secret AMQP extension to provide new valid credentials before the current ones expire.

    New connections are registered and implementations must perform credentials renewal when appropriate. Implementations must call a registered callback once credentials are renewed.

    See Also:
    CredentialsProvider, DefaultCredentialsRefreshService
    • Method Detail

      • register

        String register​(CredentialsProvider credentialsProvider,
                        Callable<Boolean> refreshAction)
        Register a new entity that needs credentials renewal.

        The registered callback must return true if the action was performed correctly, throw an exception if something goes wrong, and return false if it became stale and wants to be unregistered.

        Implementations are free to automatically unregister an entity whose callback has failed a given number of times.

        credentialsProvider - the credentials provider
        refreshAction - the action to perform after credentials renewal
        a tracking ID for the registration
      • unregister

        void unregister​(CredentialsProvider credentialsProvider,
                        String registrationId)
        Unregister the entity with the given registration ID.

        Its state is cleaned up and its registered callback will not be called again.

        credentialsProvider - the credentials provider
        registrationId - the registration ID
      • isApproachingExpiration

        boolean isApproachingExpiration​(Duration timeBeforeExpiration)
        Provide a hint about whether credentials should be renewed now or not before attempting to connect.

        This can avoid a connection to use almost expired credentials if this connection is created just before credentials are refreshed in the background, but does not benefit from the refresh.

        timeBeforeExpiration -
        true if credentials should be renewed, false otherwise