Class DefaultCredentialsRefreshService

All Implemented Interfaces:

public class DefaultCredentialsRefreshService extends Object implements CredentialsRefreshService
Scheduling-based implementation of CredentialsRefreshService.

This implementation keeps track of entities (typically AMQP connections) that need to renew credentials. Token renewal is scheduled based on token expiration, using a Function<Duration, Long> refreshDelayStrategy. Once credentials for a CredentialsProvider have been renewed, the callback registered by each entity/connection is performed. This callback typically propagates the new credentials in the entity state, e.g. sending the new password to the broker for AMQP connections.

Instances are preferably created with DefaultCredentialsRefreshService.DefaultCredentialsRefreshServiceBuilder.

  • Constructor Details

  • Method Details

    • ratioRefreshDelayStrategy

      public static Function<Duration,Duration> ratioRefreshDelayStrategy(double ratio)
      Delay before refresh is a ratio of the time before expiration.

      E.g. if time before expiration is 60 minutes and specified ratio is 0.8, refresh will be scheduled in 60 x 0.8 = 48 minutes.

      ratio -
      the delay before refreshing
    • fixedDelayBeforeExpirationRefreshDelayStrategy

      public static Function<Duration,Duration> fixedDelayBeforeExpirationRefreshDelayStrategy(Duration duration)
      Delay before refresh is time before expiration - specified duration.

      E.g. if time before expiration is 60 minutes and specified duration is 10 minutes, refresh will be scheduled in 60 - 10 = 50 minutes.

      duration -
      the delay before refreshing
    • fixedTimeApproachingExpirationStrategy

      public static Function<Duration,Boolean> fixedTimeApproachingExpirationStrategy(Duration limitBeforeExpiration)
      Advise to refresh credentials if TTL <= limit.
      limitBeforeExpiration -
      true if credentials should be refreshed, false otherwise
    • register

      public String register(CredentialsProvider credentialsProvider, Callable<Boolean> refreshAction)
      Description copied from interface: CredentialsRefreshService
      Register a new entity that needs credentials renewal.

      The registered callback must return true if the action was performed correctly, throw an exception if something goes wrong, and return false if it became stale and wants to be unregistered.

      Implementations are free to automatically unregister an entity whose callback has failed a given number of times.

      Specified by:
      register in interface CredentialsRefreshService
      credentialsProvider - the credentials provider
      refreshAction - the action to perform after credentials renewal
      a tracking ID for the registration
    • unregister

      public void unregister(CredentialsProvider credentialsProvider, String registrationId)
      Description copied from interface: CredentialsRefreshService
      Unregister the entity with the given registration ID.

      Its state is cleaned up and its registered callback will not be called again.

      Specified by:
      unregister in interface CredentialsRefreshService
      credentialsProvider - the credentials provider
      registrationId - the registration ID
    • isApproachingExpiration

      public boolean isApproachingExpiration(Duration timeBeforeExpiration)
      Description copied from interface: CredentialsRefreshService
      Provide a hint about whether credentials should be renewed now or not before attempting to connect.

      This can avoid a connection to use almost expired credentials if this connection is created just before credentials are refreshed in the background, but does not benefit from the refresh.

      Specified by:
      isApproachingExpiration in interface CredentialsRefreshService
      timeBeforeExpiration -
      true if credentials should be renewed, false otherwise
    • close

      public void close()