aws · sroze · Nov 4, 2021
@@ -62,7 +62,7 @@ private WebIdentityTokenFileCredentialsProvider(BuilderImpl builder) {
                                                     .webIdentityTokenFile(webIdentityTokenFile)
                                                     .build();
 
-            credentialsProvider = WebIdentityCredentialsUtils.factory().create(credentialProperties);
+            credentialsProvider = WebIdentityCredentialsUtils.factory(builder.httpClient).create(credentialProperties);
         } catch (RuntimeException e) {
             // If we couldn't load the credentials provider for some reason, save an exception describing why. This exception
             // will only be raised on calls to getCredentials. We don't want to raise an exception here because it may be
@@ -116,6 +116,11 @@ public interface Builder {
          */
         Builder webIdentityTokenFile(Path webIdentityTokenFile);
 
+        /**
+         * Define the HTTP client used by the token provider.
+         */
+        Builder httpClient(SdkHttpClient httpClient);
+
         /**
          * Create a {@link WebIdentityTokenFileCredentialsProvider} using the configuration applied to this builder.
          */
@@ -126,6 +131,7 @@ static final class BuilderImpl implements Builder {
         private String roleArn;
         private String roleSessionName;
         private Path webIdentityTokenFile;
+        private SdkHttpClient httpClient;
 
         BuilderImpl() {
         }
@@ -160,6 +166,16 @@ public void setWebIdentityTokenFile(Path webIdentityTokenFile) {
             webIdentityTokenFile(webIdentityTokenFile);
         }
 
+        @Override
+        public Builder httpClient(SdkHttpClient httpClient) {
+            this.httpClient = httpClient;
+            return this;
+        }
+
+        public void setHttpClient(SdkHttpClient httpClient) {
+            httpClient(httpClient);
+        }
+
         @Override
         public WebIdentityTokenFileCredentialsProvider build() {
             return new WebIdentityTokenFileCredentialsProvider(this);

@@ -40,11 +40,11 @@ private WebIdentityCredentialsUtils() {
      *
      * @return WebIdentityTokenCredentialsProviderFactory
      */
-    public static WebIdentityTokenCredentialsProviderFactory factory() {
+    public static WebIdentityTokenCredentialsProviderFactory factory(SdkHttpClient httpClient) {
         try {
             Class<?> stsCredentialsProviderFactory = ClassLoaderHelper.loadClass(STS_WEB_IDENTITY_CREDENTIALS_PROVIDER_FACTORY,
                     WebIdentityCredentialsUtils.class);
-            return (WebIdentityTokenCredentialsProviderFactory) stsCredentialsProviderFactory.getConstructor().newInstance();
+            return (WebIdentityTokenCredentialsProviderFactory) stsCredentialsProviderFactory.getConstructor().newInstance(httpClient);
         } catch (ClassNotFoundException e) {
             String message = "To use web identity tokens, the 'sts' service module must be on the class path.";
             log.warn(() -> message);

@@ -48,10 +48,19 @@
  */
 @SdkProtectedApi
 public final class StsWebIdentityCredentialsProviderFactory implements WebIdentityTokenCredentialsProviderFactory {
+    private SdkHttpClient httpClient;
+
+    public StsWebIdentityCredentialsProviderFactory()
+    {}
+
+    public StsWebIdentityCredentialsProviderFactory(SdkHttpClient httpClient)
+    {
+        this.httpClient = httpClient;
+    }
 
     @Override
     public AwsCredentialsProvider create(WebIdentityTokenCredentialProperties credentialProperties) {
-        return new StsWebIdentityCredentialsProvider(credentialProperties);
+        return new StsWebIdentityCredentialsProvider(credentialProperties, this.httpClient);
     }
 
     /**
@@ -63,14 +72,15 @@ private static final class StsWebIdentityCredentialsProvider implements AwsCrede
         private final StsClient stsClient;
         private final StsAssumeRoleWithWebIdentityCredentialsProvider credentialsProvider;
 
-        private StsWebIdentityCredentialsProvider(WebIdentityTokenCredentialProperties credentialProperties) {
+        private StsWebIdentityCredentialsProvider(WebIdentityTokenCredentialProperties credentialProperties, SdkHttpClient httpClient) {
             String roleSessionName = credentialProperties.roleSessionName();
             String sessionName = roleSessionName != null ? roleSessionName : "aws-sdk-java-" + System.currentTimeMillis();
 
             OrRetryCondition retryCondition = OrRetryCondition.create(new StsRetryCondition(),
                                                                       RetryCondition.defaultRetryCondition());
 
             this.stsClient = StsClient.builder()
+                                      .httpClient(httpClient)
                                       .applyMutation(this::configureEndpoint)
                                       .credentialsProvider(AnonymousCredentialsProvider.create())
                                       .overrideConfiguration(o -> o.retryPolicy(r -> r.retryCondition(retryCondition)))