使用 Apache HttpComponents 客户端签署 AWS HTTP 请求 [英] Signing AWS HTTP requests with Apache HttpComponents Client
问题描述
我正在尝试向受保护的 AWS Elasticsearch 域发出 HTTP 请求IAM 访问策略.我需要签署这些请求,以便他们获得授权亚马逊.我正在使用 Jest,而后者又使用 Apache HttpComponents 客户端.
I'm trying to make HTTP requests to an AWS Elasticsearch domain protected by an IAM access policy. I need to sign these requests for them to be authorized by AWS. I'm using Jest, which in turn use Apache HttpComponents Client.
这似乎是一个常见的用例,但我找不到我应该怎么做才能让 Jest 签署所有请求.
This seems to be a common use case, but I can't find what should I do so Jest can sign all requests.
推荐答案
我想我找到了!:)
这个项目似乎完全符合我的要求:aws-signing-request-interceptor,描述为Apache 客户端的请求拦截器,用于签署 AWS 的请求.最初创建是为了使用 Jest 客户端支持 AWS 的 Elasticsearch 服务.".
This project seems to do exactly what I want : aws-signing-request-interceptor, described as "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".
我分叉项目以满足我的需要(Java 7,临时 STS 凭据),它运行良好.
Edit : I forked the project to fit my needs (Java 7, temporary STS credentials), and it works nicely.
以下是使用示例(此处没有 STS 临时凭据):
Here is an example of usage (here without STS temporary credentials):
String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here
DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));
JestClientFactory factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
return builder;
}
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
.multiThreaded(true)
.build());
JestClient client = factory.getObject();
这篇关于使用 Apache HttpComponents 客户端签署 AWS HTTP 请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
