Interface CredentialsRefreshService

All Known Implementing Classes:
DefaultCredentialsRefreshService

public interface CredentialsRefreshService
Provider interface to refresh credentials when appropriate and perform an operation once the credentials have been renewed. In the context of RabbitMQ, the operation consists in calling the update.secret AMQP extension to provide new valid credentials before the current ones expire.

New connections are registered and implementations must perform credentials renewal when appropriate. Implementations must call a registered callback once credentials are renewed.

See Also:
  • Method Details

    • register

      String register(CredentialsProvider credentialsProvider, Callable<Boolean> refreshAction)
      Register a new entity that needs credentials renewal.

      The registered callback must return true if the action was performed correctly, throw an exception if something goes wrong, and return false if it became stale and wants to be unregistered.

      Implementations are free to automatically unregister an entity whose callback has failed a given number of times.

      Parameters:
      credentialsProvider - the credentials provider
      refreshAction - the action to perform after credentials renewal
      Returns:
      a tracking ID for the registration
    • unregister

      void unregister(CredentialsProvider credentialsProvider, String registrationId)
      Unregister the entity with the given registration ID.

      Its state is cleaned up and its registered callback will not be called again.

      Parameters:
      credentialsProvider - the credentials provider
      registrationId - the registration ID
    • isApproachingExpiration

      boolean isApproachingExpiration(Duration timeBeforeExpiration)
      Provide a hint about whether credentials should be renewed now or not before attempting to connect.

      This can avoid a connection to use almost expired credentials if this connection is created just before credentials are refreshed in the background, but does not benefit from the refresh.

      Parameters:
      timeBeforeExpiration -
      Returns:
      true if credentials should be renewed, false otherwise