Package com.rabbitmq.client.impl

Class DefaultCredentialsRefreshService

java.lang.Object
com.rabbitmq.client.impl.DefaultCredentialsRefreshService
All Implemented Interfaces:
CredentialsRefreshService
public class DefaultCredentialsRefreshService extends Object implements CredentialsRefreshService
Scheduling-based implementation of CredentialsRefreshService.

This implementation keeps track of entities (typically AMQP connections) that need to renew credentials. Token renewal is scheduled based on token expiration, using a Function<Duration, Long> refreshDelayStrategy. Once credentials for a CredentialsProvider have been renewed, the callback registered by each entity/connection is performed. This callback typically propagates the new credentials in the entity state, e.g. sending the new password to the broker for AMQP connections.

Instances are preferably created with DefaultCredentialsRefreshService.DefaultCredentialsRefreshServiceBuilder.

  • Field Details

    • LOGGER

      private static final org.slf4j.Logger LOGGER

    • scheduler

      private final ScheduledExecutorService scheduler
      Scheduler used to schedule credentials refresh.

      Default is a single-threaded scheduler, which should be enough for most scenarios, assuming that credentials expire after a few minutes or hours. This default scheduler is automatically disposed of when the DefaultCredentialsRefreshService is closed.

      If an external scheduler is passed in, it is the developer's responsibility to close it.

    • credentialsProviderStates

      private final ConcurrentMap<CredentialsProvider,DefaultCredentialsRefreshService.CredentialsProviderState> credentialsProviderStates

    • privateScheduler

      private final boolean privateScheduler

    • refreshDelayStrategy

      private final Function<Duration,Duration> refreshDelayStrategy
      Strategy to schedule credentials refresh after credentials retrieval.

      Typical strategies schedule refresh after a ratio of the time before expiration (e.g. 80 % of the time before expiration) or after a fixed time before expiration (e.g. 20 seconds before credentials expire).

      See Also:

    • approachingExpirationStrategy

      private final Function<Duration,Boolean> approachingExpirationStrategy
      Strategy to provide a hint about whether credentials should be renewed now or not before attempting to connect.

      This can avoid a connection to use almost expired credentials if this connection is created just before credentials are refreshed in the background, but does not benefit from the refresh.

      Note setting such a strategy may require knowledge of the credentials validity and must be consistent with the refreshDelayStrategy chosen. For example, for a validity of 60 minutes and a refreshDelayStrategy that instructs to refresh 10 minutes before credentials expire, this strategy could hint that credentials that expire in 11 minutes or less (1 minute before a refresh is actually scheduled) should be refreshed, which would trigger an early refresh.

      The default strategy always return false.

  • Constructor Details

  • Method Details

    • ratioRefreshDelayStrategy

      public static Function<Duration,Duration> ratioRefreshDelayStrategy(double ratio)
      Delay before refresh is a ratio of the time before expiration.

      E.g. if time before expiration is 60 minutes and specified ratio is 0.8, refresh will be scheduled in 60 x 0.8 = 48 minutes.

      Parameters:
      ratio -
      Returns:
      the delay before refreshing

    • fixedDelayBeforeExpirationRefreshDelayStrategy

      public static Function<Duration,Duration> fixedDelayBeforeExpirationRefreshDelayStrategy(Duration duration)
      Delay before refresh is time before expiration - specified duration.

      E.g. if time before expiration is 60 minutes and specified duration is 10 minutes, refresh will be scheduled in 60 - 10 = 50 minutes.

      Parameters:
      duration -
      Returns:
      the delay before refreshing

    • fixedTimeApproachingExpirationStrategy

      public static Function<Duration,Boolean> fixedTimeApproachingExpirationStrategy(Duration limitBeforeExpiration)
      Advise to refresh credentials if TTL <= limit.
      Parameters:
      limitBeforeExpiration -
      Returns:
      true if credentials should be refreshed, false otherwise

    • refresh

      private static Runnable refresh(ScheduledExecutorService scheduler, DefaultCredentialsRefreshService.CredentialsProviderState credentialsProviderState, Function<Duration,Duration> refreshDelayStrategy)

    • register

      public String register(CredentialsProvider credentialsProvider, Callable<Boolean> refreshAction)
      Description copied from interface: CredentialsRefreshService
      Register a new entity that needs credentials renewal.

      The registered callback must return true if the action was performed correctly, throw an exception if something goes wrong, and return false if it became stale and wants to be unregistered.

      Implementations are free to automatically unregister an entity whose callback has failed a given number of times.

      Specified by:
      register in interface CredentialsRefreshService
      Parameters:
      credentialsProvider - the credentials provider
      refreshAction - the action to perform after credentials renewal
      Returns:
      a tracking ID for the registration

    • unregister

      public void unregister(CredentialsProvider credentialsProvider, String registrationId)
      Description copied from interface: CredentialsRefreshService
      Unregister the entity with the given registration ID.

      Its state is cleaned up and its registered callback will not be called again.

      Specified by:
      unregister in interface CredentialsRefreshService
      Parameters:
      credentialsProvider - the credentials provider
      registrationId - the registration ID

    • isApproachingExpiration

      public boolean isApproachingExpiration(Duration timeBeforeExpiration)
      Description copied from interface: CredentialsRefreshService
      Provide a hint about whether credentials should be renewed now or not before attempting to connect.

      This can avoid a connection to use almost expired credentials if this connection is created just before credentials are refreshed in the background, but does not benefit from the refresh.

      Specified by:
      isApproachingExpiration in interface CredentialsRefreshService
      Parameters:
      timeBeforeExpiration -
      Returns:
      true if credentials should be renewed, false otherwise

    • close

      public void close()