Class AuthSchemeResolver

java.lang.Object
software.amazon.awssdk.core.http.auth.AuthSchemeResolver

@SdkProtectedApi public final class AuthSchemeResolver extends Object
Shared utility for selecting auth schemes from a list of options.
  • Method Details

    • resolveAuthScheme

      public static SelectedAuthScheme<? extends Identity> resolveAuthScheme(SdkRequest request, ExecutionAttributes executionAttributes)
      Resolve an auth scheme from execution attributes, applying any identity provider overrides. This is a convenience method for use by interceptors that need to resolve an auth scheme outside of the normal pipeline flow (e.g., presign interceptors).
      Parameters:
      request - The SDK request (may contain credential overrides)
      executionAttributes - The execution attributes containing auth scheme resolution inputs
      Returns:
      The selected auth scheme
    • selectAuthScheme

      public static SelectedAuthScheme<? extends Identity> selectAuthScheme(List<AuthSchemeOption> authOptions, Map<String,AuthScheme<?>> authSchemes, IdentityProviders identityProviders, MetricCollector metricCollector)
      Select an auth scheme from the given options.
      Parameters:
      authOptions - List of auth scheme options to try in order
      authSchemes - Map of available auth schemes
      identityProviders - Identity providers to use for resolving identity
      metricCollector - Optional metric collector for recording identity fetch duration
      Returns:
      The selected auth scheme
      Throws:
      SdkException - if no auth scheme could be selected
    • mergePreExistingAuthSchemeProperties

      public static <T extends Identity> SelectedAuthScheme<T> mergePreExistingAuthSchemeProperties(SelectedAuthScheme<T> selectedAuthScheme, ExecutionAttributes executionAttributes)
      Merge properties from any pre-existing auth scheme into the selected one. After auth scheme resolution produces a fresh selectedAuthScheme, this method ensures that any signer properties explicitly set by interceptors (e.g., signing region override) take priority over the resolved values.
    • applyInterceptorModifiedProperties

      public static void applyInterceptorModifiedProperties(SelectedAuthScheme<?> currentScheme, SelectedAuthScheme<?> authSchemeBeforeInterceptors, SelectedAuthScheme<?> afterInterceptors, ExecutionAttributes attrs)
      Re-applies interceptor-modified signer properties onto the current auth scheme. Called after endpoint resolution, which may have overwritten properties that interceptors set.