Class ReactiveLifecycleAwareSessionManager
- All Implemented Interfaces:
- DisposableBean, AuthenticationEventMulticaster, ReactiveSessionManager, VaultTokenSupplier
Reactive implementation of a lifecycle-aware session manager. This ReactiveSessionManager obtains tokens from an authentication method upon request, guaranteeing that a token is obtained only once if multiple threads attempt to obtain a token concurrently.
Tokens are renewed asynchronously if a token has a lease duration. This
happens 5 seconds before the token expires, see
LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.
This ReactiveSessionManager also implements DisposableBean
to revoke the LoginToken once it's not required anymore. Token
revocation will stop regular token refresh. Tokens are only revoked if the
associated VaultTokenSupplier returns a
service token.
If token renewal runs into a client-side error, the session manager assumes the token was revoked or expired and discards the token state, so the next attempt leads to another login attempt.
By default, VaultToken instances are looked up in Vault to determine renewability, remaining TTL, accessor and type; see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).
The session manager dispatches authentication events to
AuthenticationListener and AuthenticationErrorListener.
This class is thread-safe and uses lock-free synchronization.
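The lifecycle described above (single login, scheduled renewal, event dispatch, revocation on shutdown) wired up with an audit trail. This is an added example, not code from the Spring Vault project: the class name AuditedVaultSession, the logger name, the choice of ThreadPoolTaskScheduler, and the caller-supplied tokenSupplier and vaultWebClient are assumptions.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager;
import org.springframework.vault.authentication.VaultTokenSupplier;
import org.springframework.web.reactive.function.client.WebClient;

/** Hypothetical holder (not part of Spring Vault) that owns the manager and its scheduler. */
public final class AuditedVaultSession implements AutoCloseable {

    private static final Logger log = Logger.getLogger("vault.session");

    private final ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
    private final ReactiveLifecycleAwareSessionManager manager;

    // tokenSupplier (the login method) and vaultWebClient are assumed to be configured by the caller.
    public AuditedVaultSession(VaultTokenSupplier tokenSupplier, WebClient vaultWebClient) {
        // Single daemon thread that runs the scheduled renewal ahead of token expiry.
        scheduler.setPoolSize(1);
        scheduler.setThreadNamePrefix("vault-token-renewal-");
        scheduler.setDaemon(true);
        scheduler.initialize();

        manager = new ReactiveLifecycleAwareSessionManager(tokenSupplier, scheduler, vaultWebClient);
        // Keep the default self-lookup so renewability, TTL, accessor and type come from Vault.
        manager.setTokenSelfLookupEnabled(true);
        // Audit lifecycle events by type only; token values never go to the log.
        manager.addAuthenticationListener(
                event -> log.info("Vault auth event: " + event.getClass().getSimpleName()));
        // After a client-side renewal error the manager drops the token and logs in again on next use.
        manager.addErrorListener(event -> log.log(Level.WARNING,
                "Vault auth error: " + event.getClass().getSimpleName(), event.getException()));
    }

    /** Hand this to the reactive Vault client; concurrent callers share one login. */
    public ReactiveLifecycleAwareSessionManager sessionManager() {
        return manager;
    }

    /** Revokes the current token (which stops refresh), then stops the scheduler. */
    @Override
    public void close() {
        try {
            manager.destroy();
        } finally {
            scheduler.shutdown();
        }
    }
}
```

When the manager is registered as a Spring bean, the container calls destroy() through DisposableBean, so the explicit close() is only needed for manually managed instances.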
- Since:
- 2.0
- Author:
- Mark Paluch
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
protected static class | | Wraps a VaultToken and specifies whether the token is revocable on factory shutdown.
Nested classes/interfaces inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger
Field Summary
Fields inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
logger, REFRESH_PERIOD_BEFORE_EXPIRY
Constructor Summary
Constructors
Constructor | Description
ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, ReactiveVaultClient client) | Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and ReactiveVaultClient.
ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, ReactiveVaultClient client, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) | Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and ReactiveVaultClient.
ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient) | Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and WebClient.
ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) | Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and WebClient.
Method Summary
Modifier and Type | Method | Description
void | destroy() |
 | getVaultToken | Return a VaultToken.
protected boolean | isTokenRenewable(VaultToken token) |
 | renewToken | Performs a token refresh.
 | revoke() | Revoke and drop the current VaultToken.
 | revoke(VaultToken token) | Revoke a VaultToken.
void | revokeNow() | Revoke and drop the current VaultToken now.
protected void | revokeNow | Revoke a VaultToken now and block execution until revocation completes.
Methods inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabled
Methods inherited from class org.springframework.vault.authentication.AuthenticationEventPublisher
addAuthenticationListener, addErrorListener, multicastEvent, multicastEvent, removeAuthenticationListener, removeErrorListener
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.vault.authentication.ReactiveSessionManager
getSessionToken
Constructor Details

ReactiveLifecycleAwareSessionManager
public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient)
Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and WebClient.
- Parameters:
- clientAuthentication - must not be null.
- taskScheduler - must not be null.
- webClient - must not be null.

ReactiveLifecycleAwareSessionManager
public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and WebClient.
- Parameters:
- clientAuthentication - must not be null.
- taskScheduler - must not be null.
- webClient - must not be null.
- refreshTrigger - must not be null.

ReactiveLifecycleAwareSessionManager
public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, ReactiveVaultClient client)
Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and ReactiveVaultClient.
- Parameters:
- clientAuthentication - must not be null.
- taskScheduler - must not be null.
- client - must not be null.
- Since:
- 4.1

ReactiveLifecycleAwareSessionManager
public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, ReactiveVaultClient client, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and ReactiveVaultClient.
- Parameters:
- clientAuthentication - must not be null.
- taskScheduler - must not be null.
- client - must not be null.
- refreshTrigger - must not be null.
- Since:
- 4.1

Method Details

destroy
public void destroy()
- Specified by:
- destroy in interface DisposableBean

revoke
Revoke and drop the current VaultToken.
- Returns:
- a mono emitting completion upon successful revocation.
- Since:
- 3.0.2

revokeNow
public void revokeNow()
Revoke and drop the current VaultToken now.
- Since:
- 3.0.2

revokeNow
Revoke a VaultToken now and block execution until revocation completes.
- Parameters:
- tokenMono -

doRevoke

revoke
Revoke a VaultToken.
- Parameters:
- token - the token to revoke, must not be null.

renewToken
Performs a token refresh. Creates a new token if no token was obtained before. If a token was obtained before, it uses self-renewal to renew the current token. Client-side errors (like permission denied) indicate the token cannot be renewed because it's expired or simply not found.
- Returns:
- the VaultToken if the refresh was successful or a new token was obtained. Mono.empty() if the token expired or Mono.error(Throwable) if refresh failed.

getVaultToken
Description copied from interface: VaultTokenSupplier
Return a VaultToken. This can declare a Vault login flow to obtain a token.
- Specified by:
- getVaultToken in interface VaultTokenSupplier
- Returns:
- a Mono with the VaultToken.
- Throws:
- VaultException

isTokenRenewable
- Returns:
- true if the token is renewable.