Merge pull request #221 from awslabs/core

Merge core changes for 1.3 release

Author: sapessi

.gitignore

@@ -22,6 +22,10 @@ release.properties
 dependency-reduced-pom.xml
 buildNumber.properties
 .mvn/timing.properties
+.gradle/
+gradle/
+build/
+gradlew*
 
 # Exclude maven wrapper
 !/.mvn/wrapper/maven-wrapper.jar

.travis.yml

@@ -1,4 +1,14 @@
 language: java
+dist: trusty
 jdk:
-  - oraclejdk8
-script: mvn install
+  - openjdk8
+addons:
+  apt:
+    update: true
+before_install:
+  - wget https://services.gradle.org/distributions/gradle-5.0-bin.zip
+  - mkdir /opt/gradle
+  - unzip -d /opt/gradle gradle-5.0-bin.zip
+  - export GRADLE=/opt/gradle/gradle-5.0/bin/gradle
+install: true
+script: ./travis.sh

aws-serverless-java-container-core/pom.xml

@@ -69,9 +69,23 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpmime</artifactId>
-            <version>4.5.3</version>
+            <version>4.5.6</version>
+            <scope>compile</scope>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>4.5.6</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+            <version>4.4.10</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -162,7 +176,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>3.3.2</version>
+                <version>${dependencyCheck.version}</version>
                 <configuration>
                     <skipProvidedScope>true</skipProvidedScope>
                     <suppressionFiles>

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/AwsProxyExceptionHandler.java

@@ -16,12 +16,9 @@
 import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.model.AwsProxyResponse;
 import com.amazonaws.serverless.proxy.model.ErrorModel;
-import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
+import com.amazonaws.serverless.proxy.model.Headers;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.jsonFormatVisitors.JsonValueFormat;
-import com.fasterxml.jackson.databind.ser.std.JsonValueSerializer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -30,8 +27,6 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * Default implementation of the <code>ExceptionHandler</code> object that returns AwsProxyResponse objects.
@@ -58,7 +53,7 @@ public class AwsProxyExceptionHandler
     // Variables - Private - Static
     //-------------------------------------------------------------
 
-    private static MultiValuedTreeMap<String, String> headers = new MultiValuedTreeMap<>(String.CASE_INSENSITIVE_ORDER);
+    private static Headers headers = new Headers();
 
     //-------------------------------------------------------------
     // Constructors

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/AwsProxySecurityContextWriter.java

@@ -19,7 +19,7 @@
 import javax.ws.rs.core.SecurityContext;
 
 /**
- * Default impolementation of <code>SecurityContextWriter</code>. Creates a SecurityContext object based on an API Gateway
+ * Default implementation of <code>SecurityContextWriter</code>. Creates a SecurityContext object based on an API Gateway
  * event and the Lambda context. This returns the default <code>AwsProxySecurityContext</code> instance.
  */
 public class AwsProxySecurityContextWriter implements SecurityContextWriter<AwsProxyRequest> {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/ExceptionHandler.java

@@ -20,7 +20,7 @@
  * handled by the client applications directly within the container and a valid HTTP response is expected. This handler
  * is used for exceptions thrown by the library while marshalling and unmarshalling requests and responses.
  *
- * The interface delcares two methods. A typed <code>handle</code> method for requests that are being proxied using a
+ * The interface declares two methods. A typed <code>handle</code> method for requests that are being proxied using a
  * request and response type <code>LambdaContainerHandler</code>, and a stream-based
  * <code>handle</code> method for <a href="http://docs.aws.amazon.com/lambda/latest/dg/java-handler-io-type-stream.html" target="_blank">
  * Lambda's <code>RequestStreamHandler</code></a>.

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/RequestReader.java

@@ -27,7 +27,7 @@
  * object that supports requests for the AWS_PROXY integration.
  *
  * @param <RequestType> The type for the AWS Lambda event
- * @param <ContainerRequestType> The type for the undelying container request object
+ * @param <ContainerRequestType> The type for the underlying container request object
  */
 public abstract class RequestReader<RequestType, ContainerRequestType> {
 
@@ -45,6 +45,11 @@ public abstract class RequestReader<RequestType, ContainerRequestType> {
      */
     public static final String API_GATEWAY_STAGE_VARS_PROPERTY = "com.amazonaws.apigateway.stage.variables";
 
+    /**
+     * The key for the <strong>ALB context</strong> property in the PropertiesDelegate object
+     */
+    public static final String ALB_CONTEXT_PROPERTY = "com.amazonaws.alb.request.context";
+
     /**
      * The key to store the entire API Gateway event
      */

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/ResponseWriter.java

@@ -25,7 +25,7 @@
  * or a <code>ResponseReader</code> implementation. For example, the Jersey library passes the response reader object to
  * the default implementation of this class.
  *
- * @param <ContainerResponseType> The response object expceted from the underlying container
+ * @param <ContainerResponseType> The response object expected from the underlying container
  * @param <ResponseType> The type for the Lambda function return value
  */
 public abstract class ResponseWriter<ContainerResponseType, ResponseType> {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/SecurityUtils.java

@@ -7,9 +7,7 @@
 
 import java.io.File;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Locale;
 import java.util.Set;
 

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java

@@ -12,12 +12,23 @@
  */
 package com.amazonaws.serverless.proxy.internal.jaxrs;
 
+import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.serverless.proxy.model.CognitoAuthorizerClaims;
 import com.amazonaws.services.lambda.runtime.Context;
 
+import com.fasterxml.jackson.core.type.TypeReference;
+
 import javax.ws.rs.core.SecurityContext;
+
+import java.io.IOException;
 import java.security.Principal;
+import java.util.Base64;
+import java.util.Map;
+
+import static com.amazonaws.serverless.proxy.model.AwsProxyRequest.*;
+import static com.amazonaws.serverless.proxy.model.AwsProxyRequest.RequestSource.API_GATEWAY;
+
 
 /**
  * default implementation of the <code>SecurityContext</code> object. This class supports 3 API Gateway's authorization methods:
@@ -31,12 +42,15 @@ public class AwsProxySecurityContext
         implements SecurityContext {
 
     //-------------------------------------------------------------
-    // Constants - Private
+    // Constants - Package
     //-------------------------------------------------------------
 
-    private static final String AUTH_SCHEME_CUSTOM = "CUSTOM_AUTHORIZER";
-    private static final String AUTH_SCHEME_COGNITO_POOL = "COGNITO_USER_POOL";
-    private static final String AUTH_SCHEME_AWS_IAM = "AWS_IAM";
+    static final String AUTH_SCHEME_CUSTOM = "CUSTOM_AUTHORIZER";
+    static final String AUTH_SCHEME_COGNITO_POOL = "COGNITO_USER_POOL";
+    static final String AUTH_SCHEME_AWS_IAM = "AWS_IAM";
+
+    static final String ALB_ACESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
+    static final String ALB_IDENTITY_HEADER = "x-amzn-oidc-identity";
 
 
     //-------------------------------------------------------------
@@ -78,7 +92,12 @@ public Principal getUserPrincipal() {
         if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM) || getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
             return () -> {
                 if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM)) {
-                    return event.getRequestContext().getAuthorizer().getPrincipalId();
+                    switch (event.getRequestSource()) {
+                    case API_GATEWAY:
+                        return event.getRequestContext().getAuthorizer().getPrincipalId();
+                    case ALB:
+                        return event.getMultiValueHeaders().getFirst(ALB_IDENTITY_HEADER);
+                    }
                 } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
                     // if we received credentials from Cognito Federated Identities then we return the identity id
                     if (event.getRequestContext().getIdentity().getCognitoIdentityId() != null) {
@@ -112,15 +131,24 @@ public boolean isSecure() {
 
 
     public String getAuthenticationScheme() {
-        if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
-            return AUTH_SCHEME_COGNITO_POOL;
-        } else if (event.getRequestContext().getAuthorizer() != null) {
-            return AUTH_SCHEME_CUSTOM;
-        } else if (event.getRequestContext().getIdentity().getAccessKey() != null) {
-            return AUTH_SCHEME_AWS_IAM;
-        } else {
-            return null;
+        switch (event.getRequestSource()) {
+        case API_GATEWAY:
+            if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null
+                && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
+                return AUTH_SCHEME_COGNITO_POOL;
+            } else if (event.getRequestContext().getAuthorizer() != null) {
+                return AUTH_SCHEME_CUSTOM;
+            } else if (event.getRequestContext().getIdentity().getAccessKey() != null) {
+                return AUTH_SCHEME_AWS_IAM;
+            } else {
+                return null;
+            }
+        case ALB:
+            if (event.getMultiValueHeaders().containsKey(ALB_ACESS_TOKEN_HEADER)) {
+                return AUTH_SCHEME_CUSTOM;
+            }
         }
+        return null;
     }