Interface AuthTokenManager

All Known Implementing Classes:
ExpirationBasedAuthTokenManager, StaticAuthTokenManager, ValidatingAuthTokenManager

public interface AuthTokenManager
A manager of AuthToken instances used by the driver.

The manager must manage tokens for the same identity. Therefore, it is not intended for a change of identity.

Implementations should supply the same token unless it needs to be updated since a change of token might result in extra processing by the driver.

Driver initializes new connections with a token supplied by the manager. If token changes, driver action depends on connection's Bolt protocol version:

  • Bolt 5.1 or above - LOGOFF and LOGON messages are dispatched to update the token on next interaction
  • Bolt 5.0 or below - connection is closed an a new one is initialized with the new token

All implementations of this interface must be thread-safe and non-blocking for caller threads. For instance, IO operations must not be done on the calling thread.

Since:
5.8
  • Method Details

    • getToken

      Returns a CompletionStage for a valid AuthToken.

      Driver invokes this method often to check if token has changed.

      Failures will surface via the driver API, like Session.beginTransaction() method and others.

      Returns:
      a stage for a valid token, must not be null or complete with null
      See Also:
    • handleSecurityException

      boolean handleSecurityException(AuthToken authToken, SecurityException exception)
      Handles SecurityException that is created based on the server's security error response by determining if the given error may be resolved upon next getToken() invokation.

      If this method returns true, the driver wraps the original SecurityException in SecurityRetryableException. The managed transaction API (like Session.executeRead(TransactionCallback), etc.) automatically retries its unit of work if no other condition is violated, while the other query execution APIs surface this error for external handling.

      If this method returns false, the original error remains unchanged.

      This method must not throw exceptions.

      Parameters:
      authToken - the current token
      exception - the security exception
      Returns:
      true if the exception should be marked as retryable or false if it should remain unchanged
      Since:
      5.12