Experimental ALB support to address issue #214

Author: sapessi

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/RequestReader.java

@@ -45,6 +45,11 @@ public abstract class RequestReader<RequestType, ContainerRequestType> {
      */
     public static final String API_GATEWAY_STAGE_VARS_PROPERTY = "com.amazonaws.apigateway.stage.variables";
 
+    /**
+     * The key for the <strong>ALB context</strong> property in the PropertiesDelegate object
+     */
+    public static final String ALB_CONTEXT_PROPERTY = "com.amazonaws.alb.request.context";
+
     /**
      * The key to store the entire API Gateway event
      */

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java

@@ -12,12 +12,23 @@
  */
 package com.amazonaws.serverless.proxy.internal.jaxrs;
 
+import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.serverless.proxy.model.CognitoAuthorizerClaims;
 import com.amazonaws.services.lambda.runtime.Context;
 
+import com.fasterxml.jackson.core.type.TypeReference;
+
 import javax.ws.rs.core.SecurityContext;
+
+import java.io.IOException;
 import java.security.Principal;
+import java.util.Base64;
+import java.util.Map;
+
+import static com.amazonaws.serverless.proxy.model.AwsProxyRequest.*;
+import static com.amazonaws.serverless.proxy.model.AwsProxyRequest.RequestSource.API_GATEWAY;
+
 
 /**
  * default implementation of the <code>SecurityContext</code> object. This class supports 3 API Gateway's authorization methods:
@@ -38,6 +49,9 @@ public class AwsProxySecurityContext
     private static final String AUTH_SCHEME_COGNITO_POOL = "COGNITO_USER_POOL";
     private static final String AUTH_SCHEME_AWS_IAM = "AWS_IAM";
 
+    private static final String ALB_ACESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
+    private static final String ALB_IDENTITY_HEADER = "x-amzn-oidc-identity";
+
 
     //-------------------------------------------------------------
     // Variables - Private
@@ -78,7 +92,12 @@ public Principal getUserPrincipal() {
         if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM) || getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
             return () -> {
                 if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM)) {
-                    return event.getRequestContext().getAuthorizer().getPrincipalId();
+                    switch (event.getRequestSource()) {
+                    case API_GATEWAY:
+                        return event.getRequestContext().getAuthorizer().getPrincipalId();
+                    case ALB:
+                        return event.getMultiValueHeaders().getFirst(ALB_IDENTITY_HEADER);
+                    }
                 } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
                     // if we received credentials from Cognito Federated Identities then we return the identity id
                     if (event.getRequestContext().getIdentity().getCognitoIdentityId() != null) {
@@ -112,15 +131,24 @@ public boolean isSecure() {
 
 
     public String getAuthenticationScheme() {
-        if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
-            return AUTH_SCHEME_COGNITO_POOL;
-        } else if (event.getRequestContext().getAuthorizer() != null) {
-            return AUTH_SCHEME_CUSTOM;
-        } else if (event.getRequestContext().getIdentity().getAccessKey() != null) {
-            return AUTH_SCHEME_AWS_IAM;
-        } else {
-            return null;
+        switch (event.getRequestSource()) {
+        case API_GATEWAY:
+            if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null
+                && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
+                return AUTH_SCHEME_COGNITO_POOL;
+            } else if (event.getRequestContext().getAuthorizer() != null) {
+                return AUTH_SCHEME_CUSTOM;
+            } else if (event.getRequestContext().getIdentity().getAccessKey() != null) {
+                return AUTH_SCHEME_AWS_IAM;
+            } else {
+                return null;
+            }
+        case ALB:
+            if (event.getMultiValueHeaders().containsKey(ALB_ACESS_TOKEN_HEADER)) {
+                return AUTH_SCHEME_CUSTOM;
+            }
         }
+        return null;
     }
 
 

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/ApacheCombinedServletLogFormatter.java

@@ -2,7 +2,8 @@
 
 
 import com.amazonaws.serverless.proxy.LogFormatter;
-import com.amazonaws.serverless.proxy.model.ApiGatewayRequestContext;
+import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
+import com.amazonaws.serverless.proxy.model.AwsProxyRequestContext;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
@@ -19,6 +20,7 @@
 import java.util.Locale;
 
 import static com.amazonaws.serverless.proxy.RequestReader.API_GATEWAY_CONTEXT_PROPERTY;
+import static com.amazonaws.serverless.proxy.RequestReader.API_GATEWAY_EVENT_PROPERTY;
 import static java.time.temporal.ChronoField.DAY_OF_MONTH;
 import static java.time.temporal.ChronoField.HOUR_OF_DAY;
 import static java.time.temporal.ChronoField.MINUTE_OF_HOUR;
@@ -64,14 +66,15 @@ public ApacheCombinedServletLogFormatter() {
     public String format(ContainerRequestType servletRequest, ContainerResponseType servletResponse, SecurityContext ctx) {
         //LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
         StringBuilder logLineBuilder = new StringBuilder();
-        ApiGatewayRequestContext gatewayContext = (ApiGatewayRequestContext)servletRequest.getAttribute(API_GATEWAY_CONTEXT_PROPERTY);
+        AwsProxyRequest req = (AwsProxyRequest)servletRequest.getAttribute(API_GATEWAY_EVENT_PROPERTY);
+        AwsProxyRequestContext gatewayContext = req.getRequestContext();
 
         // %h
         logLineBuilder.append(servletRequest.getRemoteAddr());
         logLineBuilder.append(" ");
 
         // %l
-        if (gatewayContext != null) {
+        if (gatewayContext != null && req.getRequestSource() == AwsProxyRequest.RequestSource.API_GATEWAY) {
             if (gatewayContext.getIdentity().getUserArn() != null) {
                 logLineBuilder.append(gatewayContext.getIdentity().getUserArn());
             } else {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java

@@ -14,12 +14,11 @@
 
 import com.amazonaws.serverless.proxy.RequestReader;
 import com.amazonaws.serverless.proxy.internal.SecurityUtils;
-import com.amazonaws.serverless.proxy.model.ApiGatewayRequestContext;
+import com.amazonaws.serverless.proxy.model.AwsProxyRequestContext;
 import com.amazonaws.serverless.proxy.model.ContainerConfig;
 import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
 import com.amazonaws.services.lambda.runtime.Context;
 
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -34,16 +33,13 @@
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
 import java.time.format.DateTimeFormatter;
-import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.stream.Collectors;
 
 
 /**
@@ -116,7 +112,7 @@ public String getRequestedSessionId() {
     public HttpSession getSession(boolean b) {
         log.debug("Trying to access session. Lambda functions are stateless and should not rely on the session");
         if (b && null == this.session) {
-            ApiGatewayRequestContext requestContext = (ApiGatewayRequestContext) getAttribute(RequestReader.API_GATEWAY_CONTEXT_PROPERTY);
+            AwsProxyRequestContext requestContext = (AwsProxyRequestContext) getAttribute(RequestReader.API_GATEWAY_CONTEXT_PROPERTY);
             this.session = new AwsHttpSession(requestContext.getRequestId());
         }
         return this.session;

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletResponse.java

@@ -13,6 +13,7 @@
 package com.amazonaws.serverless.proxy.internal.servlet;
 
 import com.amazonaws.serverless.proxy.internal.SecurityUtils;
+import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -33,6 +34,9 @@
 import java.util.*;
 import java.util.concurrent.CountDownLatch;
 
+import static com.amazonaws.serverless.proxy.RequestReader.API_GATEWAY_EVENT_PROPERTY;
+
+
 /**
  * Basic implementation of the <code>HttpServletResponse</code> object. This is used by the <code>AwsProxyHttpServletResponseWriter</code>
  * to generate an <code>AwsProxyResponse</code> object. We have an additional <code>getAwsResponseHeaders()</code> method
@@ -443,6 +447,10 @@ MultiValuedTreeMap<String, String> getAwsResponseHeaders() {
         return headers;
     }
 
+    AwsProxyRequest getAwsProxyRequest() {
+        return (AwsProxyRequest)request.getAttribute(API_GATEWAY_EVENT_PROPERTY);
+    }
+
 
     //-------------------------------------------------------------
     // Methods - Private

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java

@@ -800,13 +800,15 @@ private List<String> getHeaderValues(String key) {
         // special cases for referer and user agent headers
         List<String> values = new ArrayList<>();
 
-        if ("referer".equals(key.toLowerCase(Locale.ENGLISH))) {
-            values.add(request.getRequestContext().getIdentity().getCaller());
-            return values;
-        }
-        if ("user-agent".equals(key.toLowerCase(Locale.ENGLISH))) {
-            values.add(request.getRequestContext().getIdentity().getUserAgent());
-            return values;
+        if (request.getRequestSource() == AwsProxyRequest.RequestSource.API_GATEWAY) {
+            if ("referer".equals(key.toLowerCase(Locale.ENGLISH))) {
+                values.add(request.getRequestContext().getIdentity().getCaller());
+                return values;
+            }
+            if ("user-agent".equals(key.toLowerCase(Locale.ENGLISH))) {
+                values.add(request.getRequestContext().getIdentity().getUserAgent());
+                return values;
+            }
         }
 
         if (request.getMultiValueHeaders() == null) {

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequestReader.java

@@ -35,6 +35,7 @@ public class AwsProxyHttpServletRequestReader extends RequestReader<AwsProxyRequ
     @Override
     public AwsProxyHttpServletRequest readRequest(AwsProxyRequest request, SecurityContext securityContext, Context lambdaContext, ContainerConfig config)
             throws InvalidRequestEventException {
+
         request.setPath(stripBasePath(request.getPath(), config));
         if (request.getMultiValueHeaders().getFirst(HttpHeaders.CONTENT_TYPE) != null) {
             String contentType = request.getMultiValueHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
@@ -45,6 +46,7 @@ public AwsProxyHttpServletRequest readRequest(AwsProxyRequest request, SecurityC
         servletRequest.setAttribute(API_GATEWAY_CONTEXT_PROPERTY, request.getRequestContext());
         servletRequest.setAttribute(API_GATEWAY_STAGE_VARS_PROPERTY, request.getStageVariables());
         servletRequest.setAttribute(API_GATEWAY_EVENT_PROPERTY, request);
+        servletRequest.setAttribute(ALB_CONTEXT_PROPERTY, request.getRequestContext().getElb());
         servletRequest.setAttribute(LAMBDA_CONTEXT_PROPERTY, lambdaContext);
         servletRequest.setAttribute(JAX_SECURITY_CONTEXT_PROPERTY, securityContext);
 

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletResponseWriter.java

@@ -17,10 +17,18 @@
 import com.amazonaws.serverless.proxy.ResponseWriter;
 import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
 import com.amazonaws.serverless.proxy.internal.testutils.Timer;
+import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.serverless.proxy.model.AwsProxyResponse;
 import com.amazonaws.services.lambda.runtime.Context;
 
+import org.apache.http.HttpStatus;
+
+import javax.ws.rs.core.Response;
+
 import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
 
 /**
  * Creates an <code>AwsProxyResponse</code> object given an <code>AwsHttpServletResponse</code> object. If the
@@ -53,6 +61,10 @@ public AwsProxyResponse writeResponse(AwsHttpServletResponse containerResponse,
 
         awsProxyResponse.setStatusCode(containerResponse.getStatus());
 
+        if (containerResponse.getAwsProxyRequest().getRequestSource() == AwsProxyRequest.RequestSource.ALB) {
+            awsProxyResponse.setStatusDescription(containerResponse.getStatus() + " " + Response.Status.fromStatusCode(containerResponse.getStatus()).getReasonPhrase());
+        }
+
         Timer.stop("SERVLET_RESPONSE_WRITE");
         return awsProxyResponse;
     }

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/testutils/AwsProxyRequestBuilder.java

@@ -13,19 +13,18 @@
 package com.amazonaws.serverless.proxy.internal.testutils;
 
 import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
+import com.amazonaws.serverless.proxy.model.AlbContext;
 import com.amazonaws.serverless.proxy.model.ApiGatewayAuthorizerContext;
-import com.amazonaws.serverless.proxy.model.ApiGatewayRequestContext;
+import com.amazonaws.serverless.proxy.model.AwsProxyRequestContext;
 import com.amazonaws.serverless.proxy.model.ApiGatewayRequestIdentity;
 import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.serverless.proxy.model.CognitoAuthorizerClaims;
 import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpEntity;
-import org.apache.http.entity.mime.FormBodyPart;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.entity.mime.content.ByteArrayBody;
 
@@ -39,7 +38,6 @@
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
-import java.util.HashMap;
 import java.util.UUID;
 
 
@@ -70,13 +68,12 @@ public AwsProxyRequestBuilder(String path) {
 
 
     public AwsProxyRequestBuilder(String path, String httpMethod) {
-
         this.request = new AwsProxyRequest();
         this.request.setMultiValueHeaders(new MultiValuedTreeMap<>(String.CASE_INSENSITIVE_ORDER)); // avoid NPE
         this.request.setHttpMethod(httpMethod);
         this.request.setPath(path);
         this.request.setMultiValueQueryStringParameters(new MultiValuedTreeMap<>());
-        this.request.setRequestContext(new ApiGatewayRequestContext());
+        this.request.setRequestContext(new AwsProxyRequestContext());
         this.request.getRequestContext().setRequestId(UUID.randomUUID().toString());
         this.request.getRequestContext().setExtendedRequestId(UUID.randomUUID().toString());
         this.request.getRequestContext().setStage("test");
@@ -92,6 +89,15 @@ public AwsProxyRequestBuilder(String path, String httpMethod) {
     // Methods - Public
     //-------------------------------------------------------------
 
+    public AwsProxyRequestBuilder alb() {
+        this.request.setRequestContext(new AwsProxyRequestContext());
+        this.request.getRequestContext().setElb(new AlbContext());
+        this.request.getRequestContext().getElb().setTargetGroupArn(
+                "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/lambda-target/d6190d154bc908a5"
+        );
+        return this;
+    }
+
     public AwsProxyRequestBuilder stage(String stageName) {
         this.request.getRequestContext().setStage(stageName);
         return this;
@@ -294,7 +300,7 @@ public AwsProxyRequestBuilder serverName(String serverName) {
 
     public AwsProxyRequestBuilder userAgent(String agent) {
         if (request.getRequestContext() == null) {
-            request.setRequestContext(new ApiGatewayRequestContext());
+            request.setRequestContext(new AwsProxyRequestContext());
         }
         if (request.getRequestContext().getIdentity() == null) {
             request.getRequestContext().setIdentity(new ApiGatewayRequestIdentity());
@@ -306,7 +312,7 @@ public AwsProxyRequestBuilder userAgent(String agent) {
 
     public AwsProxyRequestBuilder referer(String referer) {
         if (request.getRequestContext() == null) {
-            request.setRequestContext(new ApiGatewayRequestContext());
+            request.setRequestContext(new AwsProxyRequestContext());
         }
         if (request.getRequestContext().getIdentity() == null) {
             request.getRequestContext().setIdentity(new ApiGatewayRequestIdentity());

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/AlbContext.java

@@ -0,0 +1,19 @@
+package com.amazonaws.serverless.proxy.model;
+
+
+/***
+ * Context passed by ALB proxy events
+ */
+public class AlbContext {
+    private String targetGroupArn;
+
+
+    public String getTargetGroupArn() {
+        return targetGroupArn;
+    }
+
+
+    public void setTargetGroupArn(String targetGroupArn) {
+        this.targetGroupArn = targetGroupArn;
+    }
+}