使用 Apache HttpComponents 客户端签署 AWS HTTP 请求
Signing AWS HTTP requests with Apache HttpComponents Client
我正在尝试向 AWS Elasticsearch domain protected by an IAM access policy. I need to sign 发出 HTTP 请求,这些请求将获得 AWS 的授权。
我正在使用 Jest, which in turn use Apache HttpComponents Client.
这似乎是一个常见的用例,但我找不到我应该怎么做才能让 Jest 签署所有请求。
我想我找到了! :)
这个项目似乎完全符合我的要求:aws-signing-request-interceptor,描述为 "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".
编辑:我 forked the project 以满足我的需要(Java 7,临时 STS 凭证),并且效果很好。
这里是一个使用示例(这里没有STS临时凭证):
String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here
DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));
JestClientFactory factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
return builder;
}
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
.multiThreaded(true)
.build());
JestClient client = factory.getObject();
这在异步请求的情况下不起作用。
更新:
忽略我之前的评论。在为异步请求添加拦截器后它也可以工作:
final AWSSigningRequestInterceptor requestInterceptor = new AWSSigningRequestInterceptor(awsSigner);
factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
@Override
protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
};
我正在尝试向 AWS Elasticsearch domain protected by an IAM access policy. I need to sign 发出 HTTP 请求,这些请求将获得 AWS 的授权。 我正在使用 Jest, which in turn use Apache HttpComponents Client.
这似乎是一个常见的用例,但我找不到我应该怎么做才能让 Jest 签署所有请求。
我想我找到了! :)
这个项目似乎完全符合我的要求:aws-signing-request-interceptor,描述为 "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".
编辑:我 forked the project 以满足我的需要(Java 7,临时 STS 凭证),并且效果很好。
这里是一个使用示例(这里没有STS临时凭证):
String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here
DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));
JestClientFactory factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
return builder;
}
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
.multiThreaded(true)
.build());
JestClient client = factory.getObject();
这在异步请求的情况下不起作用。
更新:
忽略我之前的评论。在为异步请求添加拦截器后它也可以工作:
final AWSSigningRequestInterceptor requestInterceptor = new AWSSigningRequestInterceptor(awsSigner);
factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
@Override
protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
};