Package org.forgerock.openig.filter.oauth2

Class CaffeineCacheAccessTokenResolver

java.lang.Object

org.forgerock.openig.filter.oauth2.CaffeineCacheAccessTokenResolver

All Implemented Interfaces:

Closeable, AutoCloseable, AccessTokenResolver

public final class CaffeineCacheAccessTokenResolver
extends Object
implements AccessTokenResolver, Closeable

A CaffeineCacheAccessTokenResolver is a delegating AccessTokenResolver that uses a write-through Caffeine cache to enable fast AccessTokenInfo resolution.

 
 {
      "type": "CacheAccessTokenResolver",
      "config": {
          "delegate"           :  AccessTokenResolver   [REQUIRED]
          "enabled"            :  expression            [OPTIONAL - default to true.]
          "defaultTimeout"     :  duration              [OPTIONAL - default to 1 minute.]
          "executor"           :  executor              [OPTIONAL - by default, ForkJoinPool#commonPool()
                                                                    is used.]
          "maximumSize"        :  expression(long)      [OPTIONAL - sets the maximum size of the cache.]
          "maximumTimeToCache" :  duration              [OPTIONAL - "zero" and "unlimited" are
                                                                    not acceptable values.]
          "amService"          : AmService              [OPTIONAL - enables the additional features of the AM token
                                                                    notification service to keep the cache in a
                                                                    consistent state. Only makes sense when working
                                                                    with AM and using a token resolver endpoint that
                                                                    provides the necessary metadata required by
                                                                    the cache.]
          "onNotificationDisconnection" :  enum         [OPTIONAL - what to do if AM goes offline:
                                                                    NEVER_CLEAR, CLEAR_ON_DISCONNECT,
                                                                    CLEAR_ON_RECONNECT.
                                                                    Default is: CLEAR_ON_DISCONNECT.]
      }
  }
  
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	CaffeineCacheAccessTokenResolver.Builder	Builder of CaffeineCacheAccessTokenResolver.
static class	CaffeineCacheAccessTokenResolver.Heaplet	Creates and initializes an CaffeineCacheAccessTokenResolver in the heap environment.

Method Summary

Modifier and Type	Method	Description
static CaffeineCacheAccessTokenResolver.Builder	builder(com.github.benmanes.caffeine.cache.Caffeine<Object,Object> caffeine, AccessTokenResolver delegate, Clock clock, Duration defaultTimeout, Duration maximumTimeout)	Creates a CaffeineCacheAccessTokenResolver.Builder to be passed when creating a new CaffeineCacheAccessTokenResolver.
void	close()
Promise<AccessTokenInfo,AccessTokenException>	resolve(Context context, Supplier<Request,IOException> request, String token)	Resolves a given access token against an authorization server.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.http.oauth2.AccessTokenResolver

resolve

Method Details

builder

public static CaffeineCacheAccessTokenResolver.Builder builder(com.github.benmanes.caffeine.cache.Caffeine<Object,Object> caffeine,
 AccessTokenResolver delegate,
 Clock clock,
 Duration defaultTimeout,
 Duration maximumTimeout)

Creates a CaffeineCacheAccessTokenResolver.Builder to be passed when creating a new CaffeineCacheAccessTokenResolver.

Parameters:

caffeine - The caffeine cache to use. Not null.

delegate - The resolver to use. Not null.

clock - A clock providing access to the current instant, date and time using a time-zone, not null.

defaultTimeout - The default duration for which to cache AM access tokens. If an AM access token provides a valid expiresAt value to specify the time until which the access token remains valid, IG uses that value or the maxTimeout. Not null.

maximumTimeout - The maximum duration for which to cache AM access tokens. If the expiresAt value provided by the AM access token is after the current time plus the maxTimeout, IG uses the maxTimeout. Can be null.

Returns:

a new CaffeineCacheAccessTokenResolver.Builder instance.

resolve

public Promise<AccessTokenInfo,AccessTokenException> resolve(Context context,
 Supplier<Request,IOException> request,
 String token)

Description copied from interface: AccessTokenResolver

Resolves a given access token against an authorization server.

Specified by:

resolve in interface AccessTokenResolver

Parameters:

context - Context chain used to keep a relationship between requests (tracking)

request - a supplier for the HTTP request the access token was presented on. The request should be defensively copied by the caller in case the resolver needs to consume the entity.

token - token identifier to be resolved

Returns:

a promise completed either with a valid AccessTokenInfo (well-formed, known by the server), or by an exception

close

public void close()

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable