我试图向一个由IAM访问策略保护的AWS Elasticsearch域发出HTTP请求。 我需要对这些请求进行签名以使它们获得AWS的授权。
我正在使用Jest,该工具反过来使用Apache HttpComponents Client。
这似乎是一种常见的用例,但我找不到应该如何做才能使Jest为所有请求签署的方法。
我想我找到了它! :)
这个项目似乎正好符合我的需求:aws-signing-request-interceptor,被描述为"Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client."
编辑: 我forked the project以适应我的需求(Java 7,临时STS凭证),而它运行得很好。
这里是一个使用示例(这里没有STS临时凭证):
String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here
DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));
JestClientFactory factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
return builder;
}
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
.multiThreaded(true)
.build());
JestClient client = factory.getObject();
在异步请求的情况下,这种方法无法正常工作。
更新:
忽略我之前的评论。添加异步请求拦截器后,它也可以正常工作:
final AWSSigningRequestInterceptor requestInterceptor = new AWSSigningRequestInterceptor(awsSigner);
factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
@Override
protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
};