Class DynamicAuthnFilter

  • All Implemented Interfaces:

    public class DynamicAuthnFilter
    extends com.vmware.vapi.core.DecoratorApiProvider
    Filter that can be used to acquire on-demand security context for requests. This filter is to be used as decorator of the client ApiProvider upon which the Stub classes are Instantiated.

    The filter relies on externally provided Supplier of ExecutionContext.SecurityContexts. To allow for efficient operation a CompletionStage is expected from the supplier.

    Supplier will be invoked once on the first call to obtain security context and will be invoked subsequently when Unauthenticated exception is encountered from the remote service.

    SecurityContextAcquisitionError will be returned when the filter cannot obtain authentication token with the provided Supplier.

    Requests failing with Unauthenticated errors will be retried only once with new credential. If Unauthenticated is encountered with the new credential the error will be returned in the bindings tier.

    Calls waiting on a failing future before the timeout for refreshing failed future lapse will fail with no retry. If multiple retries are to be made to acquire credential this is to be implemented in the future logic.

    • Constructor Detail

      • DynamicAuthnFilter

        public DynamicAuthnFilter​(ApiProvider decoratedProvider,
                                  java.util.function.Supplier<java.util.concurrent.CompletionStage<ExecutionContext.SecurityContext>> supplier,
                                  long timeoutMs)
        Creates a new authentication filter that can be used to create stub that will have all their calls authenticated
        decoratedProvider - ApiProvider that invokes the real API. Typically obtained from a connection.
        supplier - whenever new security context is needed this will be called to obtain a new CompletionStage that will deliver the context. It is expected that this operation is relatively fast. While the completion stage may take time to acquire the actual ExecutionContext.SecurityContext.

        Supplier will be called on the first request and after Unauthenticated errors are reported from the API.

        timeoutMs - is the interval after acquisition of token fails until refresh is attempted. Positive number is required.