public Credentials unmarshall(StaxUnmarshallerContext context) throws Exception {
    Credentials credentials = new Credentials();
    int originalDepth = context.getCurrentDepth();
    int targetDepth = originalDepth + 1;

    if (context.isStartOfDocument()) targetDepth += 2;

    while (true) {
      XMLEvent xmlEvent = context.nextEvent();
      if (xmlEvent.isEndDocument()) return credentials;

      if (xmlEvent.isAttribute() || xmlEvent.isStartElement()) {
        if (context.testExpression("AccessKeyId", targetDepth)) {
          credentials.setAccessKeyId(StringStaxUnmarshaller.getInstance().unmarshall(context));
          continue;
        }
        if (context.testExpression("SecretAccessKey", targetDepth)) {
          credentials.setSecretAccessKey(StringStaxUnmarshaller.getInstance().unmarshall(context));
          continue;
        }
        if (context.testExpression("SessionToken", targetDepth)) {
          credentials.setSessionToken(StringStaxUnmarshaller.getInstance().unmarshall(context));
          continue;
        }
        if (context.testExpression("Expiration", targetDepth)) {
          credentials.setExpiration(DateStaxUnmarshaller.getInstance().unmarshall(context));
          continue;
        }
      } else if (xmlEvent.isEndElement()) {
        if (context.getCurrentDepth() < originalDepth) {
          return credentials;
        }
      }
    }
  }
  /**
   * Starts a new session by sending a request to the AWS Security Token Service (STS) with the long
   * lived AWS credentials. This class then vends the short lived session credentials sent back from
   * STS.
   */
  private void startSession() {
    AssumeRoleWithWebIdentityResult sessionTokenResult =
        securityTokenService.assumeRoleWithWebIdentity(
            new AssumeRoleWithWebIdentityRequest()
                .withWebIdentityToken(wifToken)
                .withProviderId(wifProvider)
                .withRoleArn(roleArn)
                .withRoleSessionName("ProviderSession")
                .withDurationSeconds(this.sessionDuration));
    Credentials stsCredentials = sessionTokenResult.getCredentials();

    subjectFromWIF = sessionTokenResult.getSubjectFromWebIdentityToken();

    sessionCredentials =
        new BasicSessionCredentials(
            stsCredentials.getAccessKeyId(),
            stsCredentials.getSecretAccessKey(),
            stsCredentials.getSessionToken());
    sessionCredentialsExpiration = stsCredentials.getExpiration();
  }