AM 7.3.0

Inject objects into a node instance

A node instance is constructed every time that node is reached in a tree and is discarded as soon as it has been used to process the state once.

This model is different to authentication modules which are instantiated once for each end-user authentication process. All authentication interactions for the life of the authentication process address the same instance in the same JVM.

Modules can store state in the module instance; however, state stored in a node is lost when the node’s process method completes. To make state available for other nodes in the tree, nodes must return the state to the user or store it in the shared state.

AM uses Google’s Guice dependency injection framework for authentication nodes and uses Guice to manage most of its object life-cycles. Use just-in-time bindings from the constructor to inject an object from Guice.

The following node-specific instances are available from Guice:

@Assisted Realm

The realm that the node is in.

@Assisted UUID

The unique ID of the node instance.

@Assisted AuthTree

The tree that this node is being processed as part of.

<T> @Assisted T

The configuration object that is an instance of the interface specified in the configClass metadata parameter.

Any other objects in AM that are managed by Guice can also be obtained from within the constructor.

The OTP Email Sender node supports plain text notifications only. You cannot include HTML-rich notifications that use information from shared or transient state. If you need to support HTML notifications, you can use a Groovy script with a private HTTP client that makes the REST API calls and places the output in a scripted decision node.

The following example is the injection used by the Account Lockout node:

public AccountLockoutNode(CoreWrapper coreWrapper, @Assisted Config config)
        throws NodeProcessException {
    this.coreWrapper = coreWrapper;
    this.config = config;

For more information, refer to the Inject and Assisted annotation types in the Google Guice Javadoc.

Use a cache

You can use Guice injection to cache information in a node by annotating the object that contains the cache with the @Singleton annotation, for example:

  outcomeProvider = SingleOutcomeNode.OutcomeProvider.class,
  configClass = MyCustomNode.Config.class)
  public class MyCustomNode extends SingleOutcomeNode {

    public interface Config {
      String url();

    private final Config config;
    private final MyCustomNodeCache cache;

    public MyCustomNode(@Assisted Config config, MyCustomNodeCache cache) {
      this.config = config;
      this.cache = cache;

    public Action process(TreeContext context) {
      CachedThing thing = cache.getThing(config.url());
      // implement node logic here

class MyCustomNodeCache {
   private final LoadingCache<String, CachedThing> cache =
         .build(CacheLoader.from(url -> read(url)));

   public CachedThing get(String url) {
      return cache.get(url);

   private CachedThing read(String url) {
      // Access resource and construct

Custom Guice bindings

If just-in-time bindings are not sufficient for your use case, you can add your own Guice module into the injector configuration by implementing your own and registering it using the service loader mechanism. For example:

// com/example/
public class MyCustomModule extends AbstractModule {
   protected void configure() {
      // and so on
// META-INF/services/
// Refer to

The MyCustomModule object will then be automatically configured as part of the injector creation.

Copyright © 2010-2023 ForgeRock, all rights reserved.