/**
* Starts a new session by sending a request to the AWS Security Token Service (STS) with the long
* lived AWS credentials. This class then vends the short lived session credentials sent back from
* STS.
*/
private void startSession() {
AssumeRoleWithWebIdentityResult sessionTokenResult =
securityTokenService.assumeRoleWithWebIdentity(
new AssumeRoleWithWebIdentityRequest()
.withWebIdentityToken(wifToken)
.withProviderId(wifProvider)
.withRoleArn(roleArn)
.withRoleSessionName("ProviderSession")
.withDurationSeconds(this.sessionDuration));
Credentials stsCredentials = sessionTokenResult.getCredentials();
subjectFromWIF = sessionTokenResult.getSubjectFromWebIdentityToken();
sessionCredentials =
new BasicSessionCredentials(
stsCredentials.getAccessKeyId(),
stsCredentials.getSecretAccessKey(),
stsCredentials.getSessionToken());
sessionCredentialsExpiration = stsCredentials.getExpiration();
}
