Package org.forgerock.openig.secrets
Class JwkSetSecretStoreHeaplet
java.lang.Object
  org.forgerock.openig.heap.GenericHeaplet
    org.forgerock.openig.secrets.JwkSetSecretStoreHeaplet
All Implemented Interfaces:
- Heaplet
This heaplet represents an instance of a JwkSetSecretStore that resolves secrets from the URL of a JSON Web Key Set (JWKSet).
 
 {
     "type": "JwkSetSecretStore",
     "config": {
         "jwkUrl":                 expression                 [REQUIRED - URL to the JwkSet.]
         "leaseExpiry":            expression<duration>       [OPTIONAL - defaults to 5 minutes.]
         "handler":                handler                    [OPTIONAL - the handler to GET the JWKs URL,
                                                                          defaults to ClientHandler.]
         "cacheTimeout":           duration                   [OPTIONAL - cache timeout to avoid reloading the cache
                                                                          all the time when doing encryption -
                                                                          default is "2 minutes".]
         "cacheMissCacheTime":     duration                   [OPTIONAL - the cache time before reloading the cache
                                                                          in case of a cache miss -
                                                                          default is "2 minutes".]
     }
 }
 
 Note: since 7.0.0 the cacheTimeout cannot be deactivated, and its value cannot be lower than 10 seconds.
 Example:
 {
     "type": "JwkSetSecretStore",
     "config": {
         "jwkUrl": "http://openam.example.com:8090/openam/oauth2/connect/jwk_uri",
         "handler": "ClientHandler"
     }
 }
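
Added example (not part of the ForgeRock documentation or code): a small Python check for a JwkSetSecretStore declaration. It enforces the constraints documented above (required jwkUrl, cacheTimeout of at least 10 seconds) and additionally flags a plain-http jwkUrl, since a key set fetched over http can be altered in transit. The duration grammar, the function names and the https check are assumptions of this example.

```python
import json
import re
from urllib.parse import urlparse

# Assumed duration grammar for this example: "<integer> <unit>".
_UNITS = {"second": 1, "seconds": 1, "minute": 60, "minutes": 60, "hour": 3600, "hours": 3600}
MIN_CACHE_TIMEOUT_S = 10  # lower bound the page documents since 7.0.0


def duration_seconds(text):
    """Parse a duration such as "2 minutes" into seconds; None if not understood."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]+)\s*", str(text).lower())
    if not m or m.group(2) not in _UNITS:
        return None
    return int(m.group(1)) * _UNITS[m.group(2)]


def lint_jwk_set_secret_store(obj):
    """Return a list of findings for one heap object declaration."""
    if obj.get("type") != "JwkSetSecretStore":
        return []
    findings = []
    config = obj.get("config") or {}
    url = config.get("jwkUrl")
    if not url:
        findings.append("jwkUrl is required")
    elif "${" in url:
        findings.append("jwkUrl is an expression: check the resolved value by hand")
    elif urlparse(url).scheme.lower() != "https":
        findings.append("jwkUrl is not https: keys are fetched without transport authentication")
    if "cacheTimeout" in config:
        seconds = duration_seconds(config["cacheTimeout"])
        if seconds is None:
            findings.append("cacheTimeout is not a recognised duration")
        elif seconds < MIN_CACHE_TIMEOUT_S:
            findings.append("cacheTimeout is below the 10 second minimum")
    return findings

# Constructed sample: the page's example URL plus a too-short cacheTimeout.
SAMPLE = json.loads("""{
  "type": "JwkSetSecretStore",
  "config": {
    "jwkUrl": "http://openam.example.com:8090/openam/oauth2/connect/jwk_uri",
    "handler": "ClientHandler",
    "cacheTimeout": "5 seconds"
  }
}""")

if __name__ == "__main__":
    print("\n".join(lint_jwk_set_secret_store(SAMPLE)))
```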
Method Summary
- create(): Called to request the heaplet create an object.
- jwkSetSecretProvider(URI jwkUri, Handler handler, Clock clock): Create a Secrets provider backed by a JwkSetSecretStore with default values.
- jwkSetSecretStore(URL jwkUrl, Handler handler, Clock clock): Create a JwkSetSecretStore with default values.
Methods inherited from class org.forgerock.openig.heap.GenericHeaplet:
create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder, start

Field Details
NAME
Public name used by resolver.

Constructor Details
JwkSetSecretStoreHeaplet
public JwkSetSecretStoreHeaplet()

Method Details
create
Description copied from class: GenericHeaplet
Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
- Specified by:
- create in class GenericHeaplet
- Returns:
- The created object.
- Throws:
- HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

jwkSetSecretStore
public static Promise<JwkSetSecretStore,FailedToLoadJWKException> jwkSetSecretStore(URL jwkUrl, Handler handler, Clock clock)
Create a JwkSetSecretStore with default values.
- Parameters:
- jwkUrl - the URL of the JwkSet
- handler - the handler used to retrieve the distant JwkSet
- clock - the clock to use
- Returns:
- a new JwkSetSecretStore promise.

jwkSetSecretProvider
public static Promise<SecretsProvider,FailedToLoadJWKException> jwkSetSecretProvider(URI jwkUri, Handler handler, Clock clock)
Create a Secrets provider backed by a JwkSetSecretStore with default values.
- Parameters:
- jwkUri - the URI of the JwkSet
- handler - the handler used to retrieve the distant JwkSet
- clock - the clock to use
- Returns:
- a new secretsProvider promise backed by a JwkSet secrets store.