Package org.forgerock.openig.secrets

Class JwkSetSecretStoreHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.secrets.JwkSetSecretStoreHeaplet

All Implemented Interfaces:

Heaplet

public class JwkSetSecretStoreHeaplet
extends GenericHeaplet

This heaplet represents an instance of a JwkSetSecretStore resolving secrets from an URL of a JSON Web Key Set(JWKSet).

 {
       "type": "JwkSetSecretStore",
       "config": {
         "jwkUrl":                 expression                 [REQUIRED - URL to the JwkSet.]
         "leaseExpiry":            expression<duration>       [OPTIONAL - defaults to 5 minutes.]
         "handler":                handler                    [OPTIONAL - the handler to GET the JWKs URL,
                                                                        - default to ClientHandler.]
         "cacheTimeout":           duration                   [OPTIONAL - cache timeout to avoid reloading the cache
                                                                          all the time when doing encryption -
                                                                          default is "2 minutes".]
         "cacheMissCacheTime":     duration                   [OPTIONAL - the cache time before reloading the cache
                                                                          in case of a cache miss -
                                                                          default is "2 minutes".]
       }
    }
 

Note: since 7.0.0 the cacheTimeout cannot be deactivated. Its value can not be lower than 10 seconds.

Example:

 {
       "type": "JwkSetSecretStore",
       "config": {
         "jwkUrl": "http://openam.example.com:8090/openam/oauth2/connect/jwk_uri",
         "handler": "ClientHandler"
       }
    }
 

See Also:

JwksStore, JwkSetSecretStore

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
JwkSetSecretStoreHeaplet()

Method Summary

Modifier and Type	Method	Description
Object	create()	Called to request the heaplet create an object.
static JwkSetSecretStore	jwkSetSecretStore(URL jwkUrl, Handler handler, Clock clock)	Create a JwkSetSecretStore with default values.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getSecretsProvider, getType, initialBindings, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JwkSetSecretStoreHeaplet

public JwkSetSecretStoreHeaplet()

Method Detail

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

jwkSetSecretStore

public static JwkSetSecretStore jwkSetSecretStore(URL jwkUrl,
                                                  Handler handler,
                                                  Clock clock)
                                           throws HeapException

Create a JwkSetSecretStore with default values.

Parameters:

jwkUrl - the URL of the JwkSet

handler - the handler used to retrieve the distant JwkSet

clock - the clock to use

Returns:

a new JwkSetSecretStore

Throws:

HeapException - should there be an error