Class CaffeineCacheAccessTokenResolver
- java.lang.Object
-
- org.forgerock.openig.filter.oauth2.CaffeineCacheAccessTokenResolver
-
- All Implemented Interfaces:
Closeable
,AutoCloseable
,AccessTokenResolver
public final class CaffeineCacheAccessTokenResolver extends Object implements AccessTokenResolver, Closeable
ACaffeineCacheAccessTokenResolver
is a delegatingAccessTokenResolver
that uses a write-throughCaffeine
cache to enable fastAccessTokenInfo
resolution.{ "type": "CacheAccessTokenResolver", "config": { "delegate" : AccessTokenResolver [REQUIRED] "enabled" : expression [OPTIONAL - default to true.] "defaultTimeout" : duration [OPTIONAL - default to 1 minute.] "executor" : executor [OPTIONAL - by default, ForkJoinPool#commonPool() is used.] "maximumSize" : expression(long) [OPTIONAL - sets the maximum size of the cache.] "maximumTimeToCache" : duration [OPTIONAL - "zero" and "unlimited" are not acceptable values.] "amService" : AmService [OPTIONAL - enables the additional features of the AM token notification service to keep the cache in a consistent state. Only makes sense when working with AM and using a token resolver endpoint that provides the necessary metadata required by the cache.] "onNotificationDisconnection" : enum [OPTIONAL - what to do if AM goes offline: NEVER_CLEAR, CLEAR_ON_DISCONNECT, CLEAR_ON_RECONNECT. Default is: CLEAR_ON_DISCONNECT.] } }
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
CaffeineCacheAccessTokenResolver.Builder
Builder ofCaffeineCacheAccessTokenResolver
.static class
CaffeineCacheAccessTokenResolver.Heaplet
Creates and initializes anCaffeineCacheAccessTokenResolver
in the heap environment.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static CaffeineCacheAccessTokenResolver.Builder
builder(com.github.benmanes.caffeine.cache.Caffeine<Object,Object> caffeine, AccessTokenResolver delegate, Clock clock, Duration defaultTimeout, Duration maximumTimeout)
Creates aCaffeineCacheAccessTokenResolver.Builder
to be passed when creating a newCaffeineCacheAccessTokenResolver
.void
close()
Promise<AccessTokenInfo,AccessTokenException>
resolve(Context context, Supplier<Request,IOException> request, String token)
Resolves a given access token against an authorization server.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.forgerock.http.oauth2.AccessTokenResolver
resolve
-
-
-
-
Method Detail
-
builder
public static CaffeineCacheAccessTokenResolver.Builder builder(com.github.benmanes.caffeine.cache.Caffeine<Object,Object> caffeine, AccessTokenResolver delegate, Clock clock, Duration defaultTimeout, Duration maximumTimeout)
Creates aCaffeineCacheAccessTokenResolver.Builder
to be passed when creating a newCaffeineCacheAccessTokenResolver
.- Parameters:
caffeine
- The caffeine cache to use. Notnull
.delegate
- The resolver to use. Notnull
.clock
- A clock providing access to the current instant, date and time using a time-zone, notnull
.defaultTimeout
- The default duration for which to cache AM access tokens. If an AM access token provides a valid expiresAt value to specify the time until which the access token remains valid, IG uses that value or the maxTimeout. Notnull
.maximumTimeout
- The maximum duration for which to cache AM access tokens. If the expiresAt value provided by the AM access token is after the current time plus the maxTimeout, IG uses the maxTimeout. Can benull
.- Returns:
- a new
CaffeineCacheAccessTokenResolver.Builder
instance.
-
resolve
public Promise<AccessTokenInfo,AccessTokenException> resolve(Context context, Supplier<Request,IOException> request, String token)
Description copied from interface:AccessTokenResolver
Resolves a given access token against an authorization server.- Specified by:
resolve
in interfaceAccessTokenResolver
- Parameters:
context
- Context chain used to keep a relationship between requests (tracking)request
- a supplier for the HTTP request the access token was presented on. The request should be defensively copied by the caller in case the resolver needs to consume the entity.token
- token identifier to be resolved- Returns:
- a promise completed either with a valid
AccessTokenInfo
(well-formed, known by the server), or by an exception
-
close
public void close()
- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceCloseable
-
-