/** * Starts a new session by sending a request to the AWS Security Token Service (STS) with the long * lived AWS credentials. This class then vends the short lived session credentials sent back from * STS. */ private void startSession() { AssumeRoleWithWebIdentityResult sessionTokenResult = securityTokenService.assumeRoleWithWebIdentity( new AssumeRoleWithWebIdentityRequest() .withWebIdentityToken(wifToken) .withProviderId(wifProvider) .withRoleArn(roleArn) .withRoleSessionName("ProviderSession") .withDurationSeconds(this.sessionDuration)); Credentials stsCredentials = sessionTokenResult.getCredentials(); subjectFromWIF = sessionTokenResult.getSubjectFromWebIdentityToken(); sessionCredentials = new BasicSessionCredentials( stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); sessionCredentialsExpiration = stsCredentials.getExpiration(); }