migrated to APIGatewayProxyRequestEvent and ALB

Author: mbfreder

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/AwsAlbExceptionHandler.java

@@ -0,0 +1,90 @@
+package com.amazonaws.serverless.proxy;
+
+import com.amazonaws.serverless.exceptions.InvalidRequestEventException;
+import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
+import com.amazonaws.serverless.proxy.model.AwsProxyResponse;
+import com.amazonaws.serverless.proxy.model.ErrorModel;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import jakarta.ws.rs.InternalServerErrorException;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class AwsAlbExceptionHandler implements ExceptionHandler<AwsProxyResponse>{
+
+    private Logger log = LoggerFactory.getLogger(AwsAlbExceptionHandler.class);
+
+    //-------------------------------------------------------------
+    // Constants
+    //-------------------------------------------------------------
+
+    static final String INTERNAL_SERVER_ERROR = "Internal Server Error";
+    static final String GATEWAY_TIMEOUT_ERROR = "Gateway timeout";
+
+
+    //-------------------------------------------------------------
+    // Variables - Private - Static
+    //-------------------------------------------------------------
+
+    private static final Map<String, List<String>> headers = new HashMap<>();
+
+    //-------------------------------------------------------------
+    // Constructors
+    //-------------------------------------------------------------
+
+    static {
+        List<String> values = new ArrayList<>();
+        values.add(MediaType.APPLICATION_JSON);
+        headers.put(HttpHeaders.CONTENT_TYPE, values);
+    }
+    @Override
+    public AwsProxyResponse handle(Throwable ex) {
+        log.error("Called exception handler for:", ex);
+
+        // adding a print stack trace in case we have no appender or we are running inside SAM local, where need the
+        // output to go to the stderr.
+        ex.printStackTrace();
+        AwsProxyResponse responseEvent = new AwsProxyResponse();
+
+        responseEvent.setMultiValueHeaders(headers);
+        if (ex instanceof InvalidRequestEventException || ex instanceof InternalServerErrorException) {
+            //return new APIGatewayProxyResponseEvent(500, headers, getErrorJson(INTERNAL_SERVER_ERROR));
+            responseEvent.setBody(getErrorJson(INTERNAL_SERVER_ERROR));
+            responseEvent.setStatusCode(500);
+            return responseEvent;
+        } else {
+            responseEvent.setBody(getErrorJson(GATEWAY_TIMEOUT_ERROR));
+            responseEvent.setStatusCode(502);
+            return responseEvent;
+        }
+    }
+
+    @Override
+    public void handle(Throwable ex, OutputStream stream) throws IOException {
+        AwsProxyResponse response = handle(ex);
+
+        LambdaContainerHandler.getObjectMapper().writeValue(stream, response);
+    }
+
+    //-------------------------------------------------------------
+    // Methods - Protected
+    //-------------------------------------------------------------
+
+    String getErrorJson(String message) {
+
+        try {
+            return LambdaContainerHandler.getObjectMapper().writeValueAsString(new ErrorModel(message));
+        } catch (JsonProcessingException e) {
+            log.error("Could not produce error JSON", e);
+            return "{ \"message\": \"" + message + "\" }";
+        }
+    }
+}

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/AwsProxySecurityContextWriter.java

@@ -13,16 +13,16 @@
 package com.amazonaws.serverless.proxy;
 
 import com.amazonaws.serverless.proxy.internal.jaxrs.AwsProxySecurityContext;
-import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.services.lambda.runtime.Context;
 
+import com.amazonaws.services.lambda.runtime.events.apigateway.APIGatewayProxyRequestEvent;
 import jakarta.ws.rs.core.SecurityContext;
 
 /**
  * Default implementation of <code>SecurityContextWriter</code>. Creates a SecurityContext object based on an API Gateway
  * event and the Lambda context. This returns the default <code>AwsProxySecurityContext</code> instance.
  */
-public class AwsProxySecurityContextWriter implements SecurityContextWriter<AwsProxyRequest> {
+public class AwsProxySecurityContextWriter implements SecurityContextWriter<APIGatewayProxyRequestEvent> {
 
     //-------------------------------------------------------------
     // Variables - Private - Static
@@ -36,7 +36,7 @@ public class AwsProxySecurityContextWriter implements SecurityContextWriter<AwsP
     //-------------------------------------------------------------
 
     @Override
-    public SecurityContext writeSecurityContext(AwsProxyRequest event, Context lambdaContext) {
+    public SecurityContext writeSecurityContext(APIGatewayProxyRequestEvent event, Context lambdaContext) {
        currentContext = new AwsProxySecurityContext(lambdaContext, event);
 
         return currentContext;

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/RequestReader.java

@@ -50,6 +50,11 @@ public abstract class RequestReader<RequestType, ContainerRequestType> {
      */
     public static final String ALB_CONTEXT_PROPERTY = "com.amazonaws.alb.request.context";
 
+    /**
+     * The key to store the entire Application Load Balancer event
+     */
+    public static final String ALB_EVENT_PROPERTY = "com.amazonaws.alb.request";
+
     /**
      * The key to store the entire API Gateway event
      */

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/SecurityContextWriter.java

@@ -12,7 +12,6 @@
  */
 package com.amazonaws.serverless.proxy;
 
-import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.services.lambda.runtime.Context;
 
 import jakarta.ws.rs.core.SecurityContext;

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java

@@ -12,13 +12,13 @@
  */
 package com.amazonaws.serverless.proxy.internal.jaxrs;
 
-import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
-import com.amazonaws.serverless.proxy.model.CognitoAuthorizerClaims;
 import com.amazonaws.services.lambda.runtime.Context;
 
+import com.amazonaws.services.lambda.runtime.events.apigateway.APIGatewayProxyRequestEvent;
 import jakarta.ws.rs.core.SecurityContext;
 
 import java.security.Principal;
+import java.util.Map;
 
 /**
  * default implementation of the <code>SecurityContext</code> object. This class supports 3 API Gateway's authorization methods:
@@ -35,36 +35,38 @@ public class AwsProxySecurityContext
     // Constants - Package
     //-------------------------------------------------------------
 
-    static final String AUTH_SCHEME_CUSTOM = "CUSTOM_AUTHORIZER";
+    public static final String AUTH_SCHEME_CUSTOM = "CUSTOM_AUTHORIZER";
     static final String AUTH_SCHEME_COGNITO_POOL = "COGNITO_USER_POOL";
     static final String AUTH_SCHEME_AWS_IAM = "AWS_IAM";
-
-    static final String ALB_ACESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
-    static final String ALB_IDENTITY_HEADER = "x-amzn-oidc-identity";
+    static final String PRINCIPAL_ID_KEY = "principal_id";
+    static final String CLAIMS_KEY = "claims";
+    static final String SUB_KEY = "sub";
+    public static final String ALB_ACESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
+    public static final String ALB_IDENTITY_HEADER = "x-amzn-oidc-identity";
 
 
     //-------------------------------------------------------------
     // Variables - Private
     //-------------------------------------------------------------
 
     private Context lambdaContext;
-    private AwsProxyRequest event;
+    private APIGatewayProxyRequestEvent event;
 
 
     public Context getLambdaContext() {
         return lambdaContext;
     }
 
 
-    public AwsProxyRequest getEvent() {
+    public APIGatewayProxyRequestEvent getEvent() {
         return event;
     }
 
     //-------------------------------------------------------------
     // Constructors
     //-------------------------------------------------------------
 
-    public AwsProxySecurityContext(final Context lambdaContext, final AwsProxyRequest event) {
+    public AwsProxySecurityContext(final Context lambdaContext, final APIGatewayProxyRequestEvent event) {
         this.lambdaContext = lambdaContext;
         this.event = event;
     }
@@ -83,12 +85,7 @@ public Principal getUserPrincipal() {
         if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM) || getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
             return () -> {
                 if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM)) {
-                    switch (event.getRequestSource()) {
-                    case API_GATEWAY:
-                        return event.getRequestContext().getAuthorizer().getPrincipalId();
-                    case ALB:
-                        return event.getMultiValueHeaders().getFirst(ALB_IDENTITY_HEADER);
-                    }
+                    return event.getRequestContext().getAuthorizer().get(PRINCIPAL_ID_KEY).toString();
                 } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
                     // if we received credentials from Cognito Federated Identities then we return the identity id
                     if (event.getRequestContext().getIdentity().getCognitoIdentityId() != null) {
@@ -104,7 +101,7 @@ public Principal getUserPrincipal() {
         }
 
         if (getAuthenticationScheme().equals(AUTH_SCHEME_COGNITO_POOL)) {
-            return new CognitoUserPoolPrincipal(event.getRequestContext().getAuthorizer().getClaims());
+            return new CognitoUserPoolPrincipal((Map<String, String>) event.getRequestContext().getAuthorizer().get(CLAIMS_KEY));
         }
 
         throw new RuntimeException("Cannot recognize authorization scheme in event");
@@ -125,24 +122,15 @@ public boolean isSecure() {
 
     @Override
     public String getAuthenticationScheme() {
-        switch (event.getRequestSource()) {
-        case API_GATEWAY:
-            if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null
-                && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
-                return AUTH_SCHEME_COGNITO_POOL;
-            } else if (event.getRequestContext().getAuthorizer() != null) {
-                return AUTH_SCHEME_CUSTOM;
-            } else if (event.getRequestContext().getIdentity().getAccessKey() != null) {
-                return AUTH_SCHEME_AWS_IAM;
-            } else {
-                return null;
-            }
-        case ALB:
-            if (event.getMultiValueHeaders().containsKey(ALB_ACESS_TOKEN_HEADER)) {
-                return AUTH_SCHEME_CUSTOM;
-            }
+        if (event.getRequestContext().getAuthorizer() != null && ((Map<String, String>) event.getRequestContext().getAuthorizer().get(CLAIMS_KEY)).get(SUB_KEY) != null) {
+            return AUTH_SCHEME_COGNITO_POOL;
+        } else if (event.getRequestContext().getAuthorizer() != null) {
+            return AUTH_SCHEME_CUSTOM;
+        } else if (event.getRequestContext().getIdentity() != null && event.getRequestContext().getIdentity().getAccessKey() != null) {
+            return AUTH_SCHEME_AWS_IAM;
+        } else {
+            return null;
         }
-        return null;
     }
 
 
@@ -152,18 +140,18 @@ public String getAuthenticationScheme() {
      */
     public static class CognitoUserPoolPrincipal implements Principal {
 
-        private CognitoAuthorizerClaims claims;
+        private Map<String, String> claims;
 
-        CognitoUserPoolPrincipal(CognitoAuthorizerClaims c) {
+        CognitoUserPoolPrincipal(Map<String, String> c) {
             claims = c;
         }
 
         @Override
         public String getName() {
-            return claims.getSubject();
+            return claims.get(SUB_KEY);
         }
 
-        public CognitoAuthorizerClaims getClaims() {
+        public Map<String, String> getClaims() {
             return claims;
         }
     }

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/ApacheCombinedServletLogFormatter.java

@@ -13,8 +13,8 @@
 package com.amazonaws.serverless.proxy.internal.servlet;
 
 import com.amazonaws.serverless.proxy.LogFormatter;
-import com.amazonaws.serverless.proxy.model.AwsProxyRequestContext;
 
+import com.amazonaws.services.lambda.runtime.events.apigateway.APIGatewayProxyRequestEvent;
 import com.amazonaws.services.lambda.runtime.events.apigateway.APIGatewayV2HTTPEvent;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
@@ -78,7 +78,7 @@ public ApacheCombinedServletLogFormatter() {
     public String format(ContainerRequestType servletRequest, ContainerResponseType servletResponse, SecurityContext ctx) {
         //LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
         StringBuilder logLineBuilder = new StringBuilder();
-        AwsProxyRequestContext gatewayContext = (AwsProxyRequestContext)servletRequest.getAttribute(API_GATEWAY_CONTEXT_PROPERTY);
+        APIGatewayProxyRequestEvent.ProxyRequestContext gatewayContext = (APIGatewayProxyRequestEvent.ProxyRequestContext)servletRequest.getAttribute(API_GATEWAY_CONTEXT_PROPERTY);
         APIGatewayV2HTTPEvent.RequestContext httpApiContext = (APIGatewayV2HTTPEvent.RequestContext)servletRequest.getAttribute(HTTP_API_CONTEXT_PROPERTY);
 
         // %h
@@ -107,7 +107,7 @@ public String format(ContainerRequestType servletRequest, ContainerResponseType
 
         // %t
         long timeEpoch = ZonedDateTime.now(clock).toEpochSecond();
-        if (gatewayContext != null && gatewayContext.getRequestTimeEpoch() > 0) {
+        if (gatewayContext != null && gatewayContext.getRequestTimeEpoch() != null && gatewayContext.getRequestTimeEpoch() > 0) {
             timeEpoch = gatewayContext.getRequestTimeEpoch() / 1000;
         } else if (httpApiContext != null && httpApiContext.getTimeEpoch() > 0) {
             timeEpoch = httpApiContext.getTimeEpoch() / 1000;