Package org.forgerock.openig.secrets
Class JwkSetSecretStoreHeaplet
java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.secrets.JwkSetSecretStoreHeaplet
- All Implemented Interfaces:
Heaplet
This heaplet represents an instance of a
JwkSetSecretStore
resolving secrets from an URL of a JSON Web Key
Set(JWKSet
).
{
"type": "JwkSetSecretStore",
"config": {
"jwkUrl": expression [REQUIRED - URL to the JwkSet.]
"leaseExpiry": expression<duration> [OPTIONAL - defaults to 5 minutes.]
"handler": handler [OPTIONAL - the handler to GET the JWKs URL,
- default to ClientHandler.]
"cacheTimeout": duration [OPTIONAL - cache timeout to avoid reloading the cache
all the time when doing encryption -
default is "2 minutes".]
"cacheMissCacheTime": duration [OPTIONAL - the cache time before reloading the cache
in case of a cache miss -
default is "2 minutes".]
}
}
Note: since 7.0.0 the cacheTimeout cannot be deactivated. Its value can not be lower than 10 seconds.
Example:
{
"type": "JwkSetSecretStore",
"config": {
"jwkUrl": "http://openam.example.com:8090/openam/oauth2/connect/jwk_uri",
"handler": "ClientHandler"
}
}
- See Also:
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncreate()
Called to request the heaplet create an object.jwkSetSecretProvider
(URI jwkUri, Handler handler, Clock clock) Create a Secrets provider backed by aJwkSetSecretStore
with default values.jwkSetSecretStore
(URL jwkUrl, Handler handler, Clock clock) Create aJwkSetSecretStore
with default values.Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder, start
-
Constructor Details
-
JwkSetSecretStoreHeaplet
public JwkSetSecretStoreHeaplet()
-
-
Method Details
-
create
Description copied from class:GenericHeaplet
Called to request the heaplet create an object. Called byHeaplet.create(Name, JsonValue, Heap)
after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by theGenericHeaplet.start()
method.- Specified by:
create
in classGenericHeaplet
- Returns:
- The created object.
- Throws:
HeapException
- if an exception occurred during creation of the heap object or any of its dependencies.
-
jwkSetSecretStore
public static Promise<JwkSetSecretStore,FailedToLoadJWKException> jwkSetSecretStore(URL jwkUrl, Handler handler, Clock clock) Create aJwkSetSecretStore
with default values.- Parameters:
jwkUrl
- the URL of the JwkSethandler
- the handler used to retrieve the distant JwkSetclock
- the clock to use- Returns:
- a new
JwkSetSecretStore
promise.
-
jwkSetSecretProvider
public static Promise<SecretsProvider,FailedToLoadJWKException> jwkSetSecretProvider(URI jwkUri, Handler handler, Clock clock) Create a Secrets provider backed by aJwkSetSecretStore
with default values.- Parameters:
jwkUri
- the URI of the JwkSethandler
- the handler used to retrieve the distant JwkSetclock
- the clock to use- Returns:
- a new secretsProvider promise backed by a JwkSet secrets store.
-