AWS API网关自定义授权者

Question

我想通过java SDK实现自定义授权者lambda函数。有人可以告诉我从我的lambda函数中预期的JSON响应的确切格式。另外，我应该返回输出格式（JSON对象或策略对象）。

{ 
    "policyDocument": { 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
     "Action": "execute-api:Invoke", 
     "Resource": [ 
      "arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*" 
     ], 
     "Effect": "Allow" 
     } 
    ] 
    }, 
    "principalId": "User123" 
} 

这是格式我在输出JSONObject格式提供，但得到的错误

Mon Apr 10 09:42:35 UTC 2017 : Endpoint request body after transformations: {"type":"TOKEN","authorizationToken":"ABC123","methodArn":"arn:aws:execute-api:ap-southeast-1:007183653813:ohlqxu9p57/null/GET/"} Mon Apr 10 09:42:36 UTC 2017 : Execution failed due to configuration error: Authorizer function failed with response body: {"errorMessage":"An error occurred during JSON serialization of response","errorType":"java.lang.RuntimeException","stackTrace":[],"cause":{"errorMessage":"com.fasterxml.jackson.databind.JsonMappingException: JsonObject (through reference chain: com.google.gson.JsonObject[\"asString\"])","errorType":"java.io.UncheckedIOException","stackTrace":[],"cause":{"errorMessage":"JsonObject (through reference chain: com.google.gson.JsonObject[\"asString\"])","errorType":"com.fasterxml.jackson.databind.JsonMappingException","stackTrace":["com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:210)","com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:177)","com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow(StdSerializer.java:199)","com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:683)","com.f [TRUNCATED] Mon Apr 10 09:42:36 UTC 2017 : AuthorizerConfigurationException

任何帮助将是巨大的。在此先感谢

Answer 1

AWS开发人员指南对lambda函数输入/输出的很好的例子：http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html

Answer 2

你所面临的问题是Λ框架有关。

本质上，Lambda将调用处理函数并传递一个序列化的JSON。

public class LambdaCustomAuthorizer implements RequestHandler<AuthorizationRequestDO, Object> { 


public Object handleRequest(AuthorizationRequestDO input, Context context) { } 

}

当您使用自定义的授权工作，API网关通过以下JSON到您的lambda表达式：

{ “类型”： “令牌”， “authorizationToken”： “” ， “methodArn”： “阿尔恩：AWS：执行-API ::: ///” }

，你应该有一个自定义DO AuthorizationRequestDO

这是一个POJO ::

公共类AuthorizationRequestDO {

String authorizationToken; 
String methodArn;  


public String getAuthorizationToken() { 
    return authorizationToken; 
} 
public void setAuthorizationToken(String authorizationToken) { 
    this.authorizationToken = authorizationToken; 
} 
public String getMethodArn() { 
    return methodArn; 
} 
public void setMethodArn(String methodArn) { 
    this.methodArn = methodArn; 
} 

@Override 
public String toString() { 
    return "AuthorizationRequestDO [authorizationToken=" + authorizationToken + ", methodArn=" + methodArn 
      + ", getAuthorizationToken()=" + getAuthorizationToken() + ", getMethodArn()=" + getMethodArn() + "]"; 
} 

}

Answer 3

你Resource属性应该是一个单一的string值。

{ 
    "policyDocument": { 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
     "Action": "execute-api:Invoke", 
     "Resource": "arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*", 
     "Effect": "Allow" 
     } 
    ] 
    }, 
    "principalId": "User123" 
}