diff --git a/clients/sellingpartner-api-aa-java/pom.xml b/clients/sellingpartner-api-aa-java/pom.xml
index 5ce406c..52215aa 100644
--- a/clients/sellingpartner-api-aa-java/pom.xml
+++ b/clients/sellingpartner-api-aa-java/pom.xml
@@ -108,6 +108,12 @@
org.apache.httpcomponents
httpclient
4.5.9
+
+
+
+ com.amazonaws
+ aws-java-sdk-sts
+ 1.11.236
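Review bot: The new `aws-java-sdk-sts` dependency is pinned to a literal `1.11.236`, and nothing in this hunk ties it to the version of the other AWS SDK artifacts the module uses (the signer imports `com.amazonaws.auth.*`, so one is presumably declared outside the hunk). Mixing v1 SDK module versions tends to surface as linkage errors at runtime rather than at build time. I would confirm the versions match and move the number into a shared property, so that a later SDK upgrade (including a security-driven one) moves every module together.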
diff --git a/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/ApiClient.mustache b/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/ApiClient.mustache
index 2ea2c54..98027ba 100644
--- a/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/ApiClient.mustache
+++ b/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/ApiClient.mustache
@@ -529,7 +529,7 @@ public class ApiClient {
this.awsSigV4Signer = awsSigV4Signer;
return this;
}
-
+
/**
* Format the given parameter object into string.
*
diff --git a/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/api.mustache b/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/api.mustache
index 6d13e68..9a677a9 100644
--- a/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/api.mustache
+++ b/clients/sellingpartner-api-aa-java/resources/swagger-codegen/templates/api.mustache
@@ -43,10 +43,13 @@ import java.util.List;
import java.util.Map;
{{/fullJavaUtil}}
-import com.amazon.SellingPartnerAPIAA.AWSSigV4Signer;
-import com.amazon.SellingPartnerAPIAA.LWAAuthorizationSigner;
-import com.amazon.SellingPartnerAPIAA.LWAAuthorizationCredentials;
import com.amazon.SellingPartnerAPIAA.AWSAuthenticationCredentials;
+import com.amazon.SellingPartnerAPIAA.AWSAuthenticationCredentialsProvider;
+import com.amazon.SellingPartnerAPIAA.AWSSigV4Signer;
+import com.amazon.SellingPartnerAPIAA.LWAAccessTokenCache;
+import com.amazon.SellingPartnerAPIAA.LWAAccessTokenCacheImpl;
+import com.amazon.SellingPartnerAPIAA.LWAAuthorizationCredentials;
+import com.amazon.SellingPartnerAPIAA.LWAAuthorizationSigner;
{{#operations}}
public class {{classname}} {
@@ -275,6 +278,9 @@ public class {{classname}} {
private AWSAuthenticationCredentials awsAuthenticationCredentials;
private LWAAuthorizationCredentials lwaAuthorizationCredentials;
private String endpoint;
+ private LWAAccessTokenCache lwaAccessTokenCache;
+ private Boolean disableAccessTokenCache = false;
+ private AWSAuthenticationCredentialsProvider awsAuthenticationCredentialsProvider;
public Builder awsAuthenticationCredentials(AWSAuthenticationCredentials awsAuthenticationCredentials) {
this.awsAuthenticationCredentials = awsAuthenticationCredentials;
@@ -290,6 +296,22 @@ public class {{classname}} {
this.endpoint = endpoint;
return this;
}
+
+ public Builder lwaAccessTokenCache(LWAAccessTokenCache lwaAccessTokenCache) {
+ this.lwaAccessTokenCache = lwaAccessTokenCache;
+ return this;
+ }
+
+ public Builder disableAccessTokenCache() {
+ this.disableAccessTokenCache = true;
+ return this;
+ }
+
+ public Builder awsAuthenticationCredentialsProvider(AWSAuthenticationCredentialsProvider awsAuthenticationCredentialsProvider) {
+ this.awsAuthenticationCredentialsProvider = awsAuthenticationCredentialsProvider;
+ return this;
+ }
+
public {{classname}} build() {
if (awsAuthenticationCredentials == null) {
@@ -304,8 +326,24 @@ public class {{classname}} {
throw new RuntimeException("Endpoint not set");
}
- AWSSigV4Signer awsSigV4Signer = new AWSSigV4Signer(awsAuthenticationCredentials);
- LWAAuthorizationSigner lwaAuthorizationSigner = new LWAAuthorizationSigner(lwaAuthorizationCredentials);
+ AWSSigV4Signer awsSigV4Signer;
+ if ( awsAuthenticationCredentialsProvider == null) {
+ awsSigV4Signer = new AWSSigV4Signer(awsAuthenticationCredentials);
+ }
+ else {
+ awsSigV4Signer = new AWSSigV4Signer(awsAuthenticationCredentials,awsAuthenticationCredentialsProvider);
+ }
+
+ LWAAuthorizationSigner lwaAuthorizationSigner = null;
+ if (disableAccessTokenCache) {
+ lwaAuthorizationSigner = new LWAAuthorizationSigner(lwaAuthorizationCredentials);
+ }
+ else {
+ if (lwaAccessTokenCache == null) {
+ lwaAccessTokenCache = new LWAAccessTokenCacheImpl();
+ }
+ lwaAuthorizationSigner = new LWAAuthorizationSigner(lwaAuthorizationCredentials,lwaAccessTokenCache);
+ }
return new {{classname}}(new ApiClient()
.setAWSSigV4Signer(awsSigV4Signer)
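Review bot: When a caller sets both `lwaAccessTokenCache(...)` and `disableAccessTokenCache()`, the `if (disableAccessTokenCache)` branch silently discards the supplied cache. The `else` branch also writes the default back into the builder field, so a reused Builder hands the same `LWAAccessTokenCacheImpl` to every client it builds afterwards. Neither behaviour is documented; I would reject the conflicting combination with a `RuntimeException`, as the checks above do, or resolve into a local instead: `LWAAccessTokenCache cache = lwaAccessTokenCache != null ? lwaAccessTokenCache : new LWAAccessTokenCacheImpl();`. The flag is declared as boxed `Boolean` in the earlier field hunk, where a primitive `boolean` would avoid the unboxing here, and the `= null` initialiser on `lwaAuthorizationSigner` is redundant. build() starts and ends outside this hunk.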
diff --git a/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSAuthenticationCredentialsProvider.java b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSAuthenticationCredentialsProvider.java
new file mode 100644
index 0000000..853c288
--- /dev/null
+++ b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSAuthenticationCredentialsProvider.java
@@ -0,0 +1,23 @@
+package com.amazon.SellingPartnerAPIAA;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * AWSAuthenticationCredentialsProvider
+ */
+@Data
+@Builder
+public class AWSAuthenticationCredentialsProvider {
+ /**
+ * AWS IAM Role ARN
+ */
+ private String roleArn;
+
+ /**
+ * AWS IAM Role Session Name
+ */
+ private String roleSessionName;
+
+
+}
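Review bot: `roleArn` and `roleSessionName` are accepted without validation, so a builder call that omits either one passes `null` on to the STS provider built in `AWSSigV4Signer`, and the failure shows up far from the mistake. Lombok's `@NonNull` on both fields would make construction fail immediately. The class comment only repeats the class name; it should say that this type carries the IAM role to assume through STS and is not itself an SDK `AWSCredentialsProvider`, which the name suggests.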
diff --git a/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSSigV4Signer.java b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSSigV4Signer.java
index ba4e9f0..3d3187e 100644
--- a/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSSigV4Signer.java
+++ b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/AWSSigV4Signer.java
@@ -3,11 +3,15 @@ package com.amazon.SellingPartnerAPIAA;
import com.amazonaws.SignableRequest;
import com.amazonaws.auth.AWS4Signer;
import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.squareup.okhttp.Request;
import lombok.AccessLevel;
import lombok.Getter;
import lombok.Setter;
+import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
/**
* AWS Signature Version 4 Signer
@@ -21,6 +25,10 @@ public class AWSSigV4Signer {
private AWSCredentials awsCredentials;
+ @Setter(AccessLevel.PACKAGE)
+ @Getter(AccessLevel.PACKAGE)
+ private AWSCredentialsProvider awsCredentialsProvider;
+
/**
*
* @param awsAuthenticationCredentials AWS Developer Account Credentials
@@ -33,6 +41,26 @@ public class AWSSigV4Signer {
awsAuthenticationCredentials.getSecretKey());
}
+ /**
+ *
+ * @param awsAuthenticationCredentials and awsAuthenticationCredentialsProvider AWS Developer Account Credentials
+ */
+ public AWSSigV4Signer(AWSAuthenticationCredentials awsAuthenticationCredentials,
+ AWSAuthenticationCredentialsProvider awsAuthenticationCredentialsProvider) {
+ aws4Signer = new AWS4Signer();
+ aws4Signer.setServiceName(SERVICE_NAME);
+ aws4Signer.setRegionName(awsAuthenticationCredentials.getRegion());
+ BasicAWSCredentials awsBasicCredentials = new BasicAWSCredentials(awsAuthenticationCredentials.getAccessKeyId(),
+ awsAuthenticationCredentials.getSecretKey());
+ awsCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(
+ awsAuthenticationCredentialsProvider.getRoleArn(),
+ awsAuthenticationCredentialsProvider.getRoleSessionName())
+ .withStsClient(AWSSecurityTokenServiceClientBuilder.standard()
+ .withRegion(awsAuthenticationCredentials.getRegion())
+ .withCredentials(new AWSStaticCredentialsProvider(awsBasicCredentials)).build())
+ .build();
+ }
+
/**
* Signs a Request with AWS Signature Version 4
*
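Review bot: The `STSAssumeRoleSessionCredentialsProvider` created in this constructor is stored but never closed, and `AWSSigV4Signer` gives callers no way to release it or the STS client built for it. As far as I recall the v1 provider is `Closeable`, so a `close()` on the signer or a documented lifetime would help. The constructor also dereferences `awsAuthenticationCredentialsProvider` without a null check, and it repeats the signer setup of the first constructor, which `this(awsAuthenticationCredentials);` could share. The Javadoc tag is malformed and should be two tags, `@param awsAuthenticationCredentials AWS Developer Account Credentials` and `@param awsAuthenticationCredentialsProvider IAM role ARN and session name to assume through STS`.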
@@ -41,8 +69,11 @@ public class AWSSigV4Signer {
*/
public Request sign(Request originalRequest) {
SignableRequest signableRequest = new SignableRequestImpl(originalRequest);
- aws4Signer.sign(signableRequest, awsCredentials);
-
+ if (awsCredentialsProvider != null) {
+ aws4Signer.sign(signableRequest, awsCredentialsProvider.getCredentials());
+ } else {
+ aws4Signer.sign(signableRequest, awsCredentials);
+ }
return (Request) signableRequest.getOriginalRequestObject();
}
-}
+ }
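Review bot: `awsCredentialsProvider.getCredentials()` means `sign()` can now trigger a call to STS and fail with an unchecked SDK exception when the role cannot be assumed, which the method's Javadoc (it begins outside this hunk) does not mention. I would add an `@throws` entry for that case and a sentence such as `When a credentials provider is configured, temporary credentials are fetched or refreshed from STS before signing.` The final line also re-indents the class's closing brace (`-}` to `+ }`), which looks accidental and should be reverted.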
diff --git a/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/LWAAccessTokenCache.java b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/LWAAccessTokenCache.java
new file mode 100644
index 0000000..8997296
--- /dev/null
+++ b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/LWAAccessTokenCache.java
@@ -0,0 +1,6 @@
+package com.amazon.SellingPartnerAPIAA;
+
+public interface LWAAccessTokenCache {
+ String get(Object key);
+ void put(Object key, String accessToken, long tokenTTLInSeconds);
+}
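Review bot: The interface ships without Javadoc, so an implementer cannot tell what `get` must return on a miss or after the TTL has passed, what `key` has to support, or whether calls may arrive from several threads. I would add a type-level comment stating that entries are LWA access tokens keyed by an object with stable `equals`/`hashCode`, that `get` returns `null` (if that is the contract the signer relies on) when no unexpired token exists, and that `tokenTTLInSeconds` is relative to the time of `put`. Because custom implementations will hold bearer tokens, the comment should also say that values must not be logged or written to shared storage unprotected.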
diff --git a/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/LWAAccessTokenCacheImpl.java b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/LWAAccessTokenCacheImpl.java
new file mode 100644
index 0000000..e5a6a91
--- /dev/null
+++ b/clients/sellingpartner-api-aa-java/src/com/amazon/SellingPartnerAPIAA/LWAAccessTokenCacheImpl.java
@@ -0,0 +1,36 @@
+package com.amazon.SellingPartnerAPIAA;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+public class LWAAccessTokenCacheImpl implements LWAAccessTokenCache {
+ //in milliseconds; to avoid returning a token that would expire before or while a request is made
+ private long expiryAdjustment = 60 * 1000;
+ private static final long SECOND_TO_MILLIS = 1000;
+ private ConcurrentHashMap