Revised mechanisms for getting the STS token duration

src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java

@@ -42,7 +42,7 @@
 import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
 import com.cloudbees.plugins.credentials.CredentialsDescriptor;
 import com.cloudbees.plugins.credentials.CredentialsScope;
-import javax.annotation.CheckForNull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
 import javax.annotation.Nonnull;
 import hudson.Extension;
 import hudson.ProxyConfiguration;
@@ -74,8 +74,7 @@ public class AWSCredentialsImpl extends BaseAmazonWebServicesCredentials impleme
     private final String iamRoleArn;
     private final String iamMfaSerialNumber;
 
-    @CheckForNull
-    private Integer stsTokenDuration;
+    private volatile Integer stsTokenDuration;
 
     // Old data bound constructor. It is maintained to keep binary compatibility with clients that were using it directly.
     public AWSCredentialsImpl(@CheckForNull CredentialsScope scope, @CheckForNull String id,
@@ -141,7 +140,7 @@ public AWSCredentials getCredentials() {
             }
 
             AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn)
-                    .withDurationSeconds(stsTokenDuration);
+                    .withDurationSeconds(this.getStsTokenDuration());
 
             AssumeRoleResult assumeResult = client.assumeRole(assumeRequest);
 
@@ -158,7 +157,7 @@ public AWSCredentials getCredentials(String mfaToken) {
         AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn)
                 .withSerialNumber(iamMfaSerialNumber)
                 .withTokenCode(mfaToken)
-                .withDurationSeconds(stsTokenDuration);
+                .withDurationSeconds(this.getStsTokenDuration());
 
         AssumeRoleResult assumeResult = new AWSSecurityTokenServiceClient(initialCredentials).assumeRole(assumeRequest);