Package org.apache.polaris.extension.auth.opa.token

Class FileBearerTokenProvider

java.lang.Object
org.apache.polaris.extension.auth.opa.token.FileBearerTokenProvider
All Implemented Interfaces:
AutoCloseable, BearerTokenProvider
public class FileBearerTokenProvider extends Object implements BearerTokenProvider
A token provider that reads tokens from a file and automatically reloads them based on a configurable refresh interval or JWT expiration timing.

This is particularly useful in Kubernetes environments where tokens are mounted as files and refreshed by external systems (e.g., service account tokens, projected volumes, etc.).

The token file is expected to contain the bearer token as plain text. Leading and trailing whitespace will be trimmed.

If JWT expiration refresh is enabled and the token is a valid JWT with an 'exp' claim, the provider will automatically refresh the token based on the expiration time minus a configurable buffer, rather than using the fixed refresh interval.

  • Constructor Details

    • FileBearerTokenProvider

      public FileBearerTokenProvider(Path tokenFilePath, Duration refreshInterval, boolean jwtExpirationRefresh, Duration jwtExpirationBuffer, Duration initialTokenWait, org.apache.polaris.nosql.async.AsyncExec asyncExec, Supplier<Instant> clock)
      Create a new file-based token provider with JWT expiration support.
      Parameters:
      tokenFilePath - path to the file containing the bearer token
      refreshInterval - how often to check for token file changes (fallback for non-JWT tokens)
      jwtExpirationRefresh - whether to use JWT expiration for refresh timing
      jwtExpirationBuffer - buffer time before JWT expiration to refresh the token
      clock - clock instance for time operations
      Throws:
      IllegalStateException - if the initial token cannot be loaded from the file

  • Method Details