Package com.amazonaws.auth
Class STSSessionCredentialsProvider
java.lang.Object
com.amazonaws.auth.STSSessionCredentialsProvider
- All Implemented Interfaces:
AWSCredentialsProvider
,AWSSessionCredentialsProvider
@ThreadSafe
public class STSSessionCredentialsProvider
extends Object
implements AWSSessionCredentialsProvider
AWSCredentialsProvider implementation that uses the AWS Security Token Service to create
temporary, short-lived sessions to use for authentication.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final int
Default duration for started sessions -
Constructor Summary
ConstructorsConstructorDescriptionSTSSessionCredentialsProvider
(AWSCredentials longLivedCredentials) Constructs a new STSSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.STSSessionCredentialsProvider
(AWSCredentialsProvider longLivedCredentialsProvider) Constructs a new STSSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.STSSessionCredentialsProvider
(AWSCredentialsProvider longLivedCredentialsProvider, ClientConfiguration clientConfiguration) Constructs a new STSSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.STSSessionCredentialsProvider
(AWSCredentials longLivedCredentials, ClientConfiguration clientConfiguration) Constructs a new STSSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.Constructs a new STSSessionCredentialsProvider with the alredy configured STS client. -
Method Summary
Modifier and TypeMethodDescriptionMethod will return valid session credentials or throw an AmazonClientException due to STS service time-out or thread interruption.void
refresh()
Force refresh of session credentials.void
setSTSClientEndpoint
(String endpoint) Deprecated.This method may be removed in a future major version.
-
Field Details
-
DEFAULT_DURATION_SECONDS
public static final int DEFAULT_DURATION_SECONDSDefault duration for started sessions- See Also:
-
-
Constructor Details
-
STSSessionCredentialsProvider
Constructs a new STSSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.- Parameters:
longLivedCredentials
- The main AWS credentials for a user's account.
-
STSSessionCredentialsProvider
public STSSessionCredentialsProvider(AWSCredentials longLivedCredentials, ClientConfiguration clientConfiguration) Constructs a new STSSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.- Parameters:
longLivedCredentials
- The main AWS credentials for a user's account.clientConfiguration
- Client configuration connection parameters.
-
STSSessionCredentialsProvider
Constructs a new STSSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.- Parameters:
longLivedCredentialsProvider
- Credentials provider for the main AWS credentials for a user's account.
-
STSSessionCredentialsProvider
public STSSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, ClientConfiguration clientConfiguration) Constructs a new STSSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS) to request short lived session credentials, which will then be returned by this class'sgetCredentials()
method.- Parameters:
longLivedCredentialsProvider
- Credentials provider for the main AWS credentials for a user's account.clientConfiguration
- Client configuration connection parameters.
-
STSSessionCredentialsProvider
Constructs a new STSSessionCredentialsProvider with the alredy configured STS client.- Parameters:
sts
- Preconfigured STS client to use for this provider
-
-
Method Details
-
setSTSClientEndpoint
Deprecated.This method may be removed in a future major version. Create multiple providers if you need to work with multiple STS endpoints.Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved from. -
getCredentials
Method will return valid session credentials or throw an AmazonClientException due to STS service time-out or thread interruption. The first call will block until valid session credentials are fetched. Subsequent calls will re-use fetched credentials that are still valid. Expiring credentials are automatically refreshed via a background thread. Multiple threads may call this method concurrently without causing simultaneous network calls to the STS service. Care has been taken to resist Throttling exceptions.- Specified by:
getCredentials
in interfaceAWSCredentialsProvider
- Specified by:
getCredentials
in interfaceAWSSessionCredentialsProvider
- Returns:
- AWSCredentials which the caller can use to authorize an AWS request.
-
refresh
public void refresh()Force refresh of session credentials. A decision to use this method should be made judiciously since this class automatically manages refreshing expiring credentials limiting its usefulness. Calling this method may temporarily cause getCredentials() to block until a new session is fetched from the STS service.- Specified by:
refresh
in interfaceAWSCredentialsProvider
-