阅读背景:

使用Apache httpcomponent客户端签署AWS HTTP请求

来源:互联网 

I'm trying to make HTTP requests to an AWS Elasticsearch domain protected by an IAM access policy. I need to sign these requests for them to be authorized by AWS. I'm using Jest, which in turn use Apache HttpComponents Client.

我正在尝试向AWS弹性搜索域发出HTTP请求,该域受到IAM访问策略的保护。我需要在这些请求上签字,以获得AWS的授权。我正在使用Jest,它反过来使用Apache HttpComponents客户机。

This seems to be a common use case and I was wondering if there is out there some kind of library which I can use on top of Apache HttpComponents Client to sign all the requests.

这似乎是一个常见的用例,我想知道是否存在某种类型的库,我可以在Apache HttpComponents客户机上使用它来签署所有请求。

2 个解决方案

#1


12  

I think I found it! :)

我想我找到了!:)

This project seems to do exactly what I want : aws-signing-request-interceptor, described as "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".

这个项目似乎完全符合我的要求:AWS - sign- Request - Interceptor,它被描述为“为向AWS签名请求的Apache客户机的请求拦截器”。最初创建是为了支持AWS使用Jest客户端的弹性搜索服务。

Edit : I forked the project to fit my needs (Java 7, temporary STS credentials), and it works nicely.

编辑:我放弃了这个项目,以满足我的需求(Java 7,临时STS证书),而且效果很好。

Here is an example of usage (here without STS temporary credentials):

这里有一个使用示例(这里没有STS临时凭证):

String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here

DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));

JestClientFactory factory = new JestClientFactory() {
    @Override
    protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
        builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
        return builder;
    }
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
        .multiThreaded(true)
        .build());
JestClient client = factory.getObject();

#2


2  

This doesn't work in case of Async request.

这在异步请求时不起作用。

Update:

更新:

Ignore my previous comment. It works after adding interceptor for async requests too:

忽略我之前的评论。它在为异步请求添加拦截器之后也可以工作:

final AWSSigningRequestInterceptor requestInterceptor = new AWSSigningRequestInterceptor(awsSigner);
            factory = new JestClientFactory() {
                @Override
                protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
                    builder.addInterceptorLast(requestInterceptor);
                    return builder;
                }
                @Override
                protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder builder) {
                    builder.addInterceptorLast(requestInterceptor);
                    return builder;
                }
            };

分享到: