public Credentials unmarshall(StaxUnmarshallerContext context) throws Exception { Credentials credentials = new Credentials(); int originalDepth = context.getCurrentDepth(); int targetDepth = originalDepth + 1; if (context.isStartOfDocument()) targetDepth += 2; while (true) { XMLEvent xmlEvent = context.nextEvent(); if (xmlEvent.isEndDocument()) return credentials; if (xmlEvent.isAttribute() || xmlEvent.isStartElement()) { if (context.testExpression("AccessKeyId", targetDepth)) { credentials.setAccessKeyId(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; } if (context.testExpression("SecretAccessKey", targetDepth)) { credentials.setSecretAccessKey(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; } if (context.testExpression("SessionToken", targetDepth)) { credentials.setSessionToken(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; } if (context.testExpression("Expiration", targetDepth)) { credentials.setExpiration(DateStaxUnmarshaller.getInstance().unmarshall(context)); continue; } } else if (xmlEvent.isEndElement()) { if (context.getCurrentDepth() < originalDepth) { return credentials; } } } }
/** * Starts a new session by sending a request to the AWS Security Token Service (STS) with the long * lived AWS credentials. This class then vends the short lived session credentials sent back from * STS. */ private void startSession() { AssumeRoleWithWebIdentityResult sessionTokenResult = securityTokenService.assumeRoleWithWebIdentity( new AssumeRoleWithWebIdentityRequest() .withWebIdentityToken(wifToken) .withProviderId(wifProvider) .withRoleArn(roleArn) .withRoleSessionName("ProviderSession") .withDurationSeconds(this.sessionDuration)); Credentials stsCredentials = sessionTokenResult.getCredentials(); subjectFromWIF = sessionTokenResult.getSubjectFromWebIdentityToken(); sessionCredentials = new BasicSessionCredentials( stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); sessionCredentialsExpiration = stsCredentials.getExpiration(); }