Signing AWS HTTP requests with Apache HttpComponents Client

问题

I'm trying to make HTTP requests to an AWS Elasticsearch domain protected by an IAM access policy. I need to sign these requests for them to be authorized by AWS. I'm using Jest, which in turn use Apache HttpComponents Client.

This seems to be a common use case and I was wondering if there is out there some kind of library which I can use on top of Apache HttpComponents Client to sign all the requests.

回答1:

I think I found it! :)

This project seems to do exactly what I want : aws-signing-request-interceptor, described as "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".

Edit : I forked the project to fit my needs (Java 7, temporary STS credentials), and it works nicely.

Here is an example of usage (here without STS temporary credentials):

String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here

DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));

JestClientFactory factory = new JestClientFactory() {
    @Override
    protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
        builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
        return builder;
    }
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
        .multiThreaded(true)
        .build());
JestClient client = factory.getObject();

回答2:

This doesn't work in case of Async request.

Update:

Ignore my previous comment. It works after adding interceptor for async requests too:

final AWSSigningRequestInterceptor requestInterceptor = new AWSSigningRequestInterceptor(awsSigner);
            factory = new JestClientFactory() {
                @Override
                protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
                    builder.addInterceptorLast(requestInterceptor);
                    return builder;
                }
                @Override
                protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder builder) {
                    builder.addInterceptorLast(requestInterceptor);
                    return builder;
                }
            };

来源：https://stackoverflow.com/questions/33760144/signing-aws-http-requests-with-apache-httpcomponents-client