Class StsCredentialsProvider

java.lang.Object

software.amazon.awssdk.services.sts.auth.StsCredentialsProvider

All Implemented Interfaces:

AutoCloseable, AwsCredentialsProvider, IdentityProvider<AwsCredentialsIdentity>, SdkAutoCloseable

Direct Known Subclasses:

StsAssumeRoleCredentialsProvider, StsAssumeRoleWithSamlCredentialsProvider, StsAssumeRoleWithWebIdentityCredentialsProvider, StsGetFederationTokenCredentialsProvider, StsGetSessionTokenCredentialsProvider, StsWebIdentityTokenFileCredentialsProvider

@ThreadSafe
public abstract class StsCredentialsProvider
extends Object
implements AwsCredentialsProvider, SdkAutoCloseable

An implementation of AwsCredentialsProvider that is extended within this package to provide support for periodically- updating session credentials. When credentials get close to expiration, this class will attempt to update them automatically either with a single calling thread (by default) or asynchronously (if asyncCredentialUpdateEnabled is true). If the credentials expire, this class will block all calls to resolveCredentials() until the credentials are updated. Users of this provider must close() it when they are finished using it.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	StsCredentialsProvider.BaseBuilder<B extends StsCredentialsProvider.BaseBuilder<B,T>,T extends ToCopyableBuilder<B,T>>	Extended by child class's builders to share configuration across credential providers.

Method Summary

Modifier and Type	Method	Description
void	close()
Duration	prefetchTime()	The amount of time, relative to STS token expiration, that the cached credentials are considered close to stale and should be updated.
AwsCredentials	resolveCredentials()	Returns AwsCredentials that can be used to authorize an AWS request.
Duration	staleTime()	The amount of time, relative to STS token expiration, that the cached credentials are considered stale and should no longer be used.
String	toString()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.auth.credentials.AwsCredentialsProvider

identityType, resolveIdentity

Methods inherited from interface software.amazon.awssdk.identity.spi.IdentityProvider

resolveIdentity, resolveIdentity

Method Details

resolveCredentials

public AwsCredentials resolveCredentials()

Description copied from interface: AwsCredentialsProvider

Returns AwsCredentials that can be used to authorize an AWS request. Each implementation of AWSCredentialsProvider can choose its own strategy for loading credentials. For example, an implementation might load credentials from an existing key management system, or load new credentials when credentials are rotated.

If an error occurs during the loading of credentials or credentials could not be found, a runtime exception will be raised.

Specified by:

resolveCredentials in interface AwsCredentialsProvider

Returns:

AwsCredentials which the caller can use to authorize an AWS request.

close

public void close()

Description copied from interface: SdkAutoCloseable

Specified by:

close in interface AutoCloseable

Specified by:

close in interface SdkAutoCloseable

staleTime

public Duration staleTime()

The amount of time, relative to STS token expiration, that the cached credentials are considered stale and should no longer be used. All threads will block until the value is updated.

prefetchTime

public Duration prefetchTime()

The amount of time, relative to STS token expiration, that the cached credentials are considered close to stale and should be updated.

toString

public String toString()

Overrides:

toString in class Object