Merge pull request #25 from awslabs/cognito-user-pool

Cognito user pool support

Author: sapessi

.travis.yml

@@ -0,0 +1,4 @@
+language: java
+jdk:
+  - oraclejdk8
+script: mvn install

README.md

@@ -1,4 +1,4 @@
-# Serverless Java container
+# Serverless Java container [![Build Status](https://travis-ci.org/awslabs/aws-serverless-java-container.svg?branch=master)](https://travis-ci.org/awslabs/aws-serverless-java-container) [![Help](http://img.shields.io/badge/help-gitter-E91E63.svg?style=flat-square)](https://gitter.im/awslabs/aws-serverless-java-container)
 The `aws-serverless-java-container` is collection of interfaces and their implementations that let you run Java application written with frameworks such as [Jersey](https://jersey.java.net/) or [Spark](http://sparkjava.com/) in [AWS Lambda](https://aws.amazon.com/lambda/).
 
 The library contains a core artifact called `aws-serverless-java-container-core` that defines the interfaces and base classes required as well as default implementation of the Java servlet `HttpServletRequest` and `HttpServletResponse`.

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java

@@ -71,7 +71,7 @@ public Principal getUserPrincipal() {
             } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
                 return event.getRequestContext().getIdentity().getUserArn();
             } else if (getAuthenticationScheme().equals(AUTH_SCHEME_COGNITO_POOL)) {
-                return event.getRequestContext().getIdentity().getCognitoIdentityId();
+                return event.getRequestContext().getAuthorizer().getClaims().getSubject();
             }
 
             return null;
@@ -90,7 +90,7 @@ public boolean isSecure() {
 
 
     public String getAuthenticationScheme() {
-        if (event.getRequestContext().getIdentity().getCognitoAuthenticationType() != null) {
+        if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
             return AUTH_SCHEME_COGNITO_POOL;
         } else if (event.getRequestContext().getAuthorizer() != null) {
             return AUTH_SCHEME_CUSTOM;

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/ApiGatewayAuthorizerContext.java

@@ -12,27 +12,70 @@
  */
 package com.amazonaws.serverless.proxy.internal.model;
 
+import com.fasterxml.jackson.annotation.JsonAnyGetter;
+import com.fasterxml.jackson.annotation.JsonAnySetter;
+
 import java.util.HashMap;
+import java.util.Map;
+
 
 /**
- * Custom authorizer context object for the API Gateway request context.
+ * Context object used for custom authorizers and Cognito User Pool authorizers.
+ * <p>
+ *     Custom authorizers  populate the <code>principalId</code> field. All other custom values
+ *     returned by the authorizer are accessible via the <code>getContextValue</code> method.
+ * </p>
+ * <p>
+ *     Cognito User Pool authorizers populate the <pre>claims</pre> object.
+ * </p>
  */
-public class ApiGatewayAuthorizerContext extends HashMap<String, String> {
+public class ApiGatewayAuthorizerContext {
+
+    //-------------------------------------------------------------
+    // Variables - Private
+    //-------------------------------------------------------------
+
+    private Map<String, String> contextProperties = new HashMap<>();
+    private String principalId;
+    private CognitoAuthorizerClaims claims;
+
+
+    //-------------------------------------------------------------
+    // Methods - Public
+    //-------------------------------------------------------------
+
+    @JsonAnyGetter
+    public String getContextValue(String key) {
+        return contextProperties.get(key);
+    }
+
+
+    @JsonAnySetter
+    public void setContextValue(String key, String value) {
+        contextProperties.put(key, value);
+    }
+
 
     //-------------------------------------------------------------
     // Methods - Getter/Setter
     //-------------------------------------------------------------
 
     public String getPrincipalId() {
-        return get("principalId");
+        return principalId;
     }
 
 
     public void setPrincipalId(String principalId) {
-        put("principalId", principalId);
+        this.principalId = principalId;
     }
 
-    public String getContextValue(String key) {
-        return get(key);
+
+    public CognitoAuthorizerClaims getClaims() {
+        return claims;
+    }
+
+
+    public void setClaims(CognitoAuthorizerClaims claims) {
+        this.claims = claims;
     }
 }

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/AwsProxyRequest.java

@@ -17,7 +17,7 @@
 import java.util.Map;
 
 /**
- * Default implementation of the request object from an API GAteway AWS_PROXY integration
+ * Default implementation of the request object from an API Gateway AWS_PROXY integration
  */
 public class AwsProxyRequest {
 
@@ -152,7 +152,7 @@ public boolean isBase64Encoded() {
     }
 
 
-    public void setBase64Encoded(boolean base64Encoded) {
+    public void setIsBase64Encoded(boolean base64Encoded) {
         isBase64Encoded = base64Encoded;
     }
 }

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/CognitoAuthorizerClaims.java

@@ -0,0 +1,166 @@
+/*
+ * Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ * with the License. A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0/
+ *
+ * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+ * OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+ * and limitations under the License.
+ */
+package com.amazonaws.serverless.proxy.internal.model;
+
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.time.format.DateTimeFormatter;
+
+
+/**
+ * This object represents the claims property in the authorizer context of a request. The claims object is normally populated
+ * by a Cognito User Pool authorizer and contains the following fields:
+ * <pre>
+ * "claims": {
+ *     "sub": "42df3b02-29f1-4779-a3e5-eff92ff280b2",
+ *     "aud": "2k3no2j1rjjbqaskc4bk0ub29b",
+ *     "email_verified": "true",
+ *     "token_use": "id",
+ *     "auth_time": "1492467169",
+ *     "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_Adx5ZHePg",
+ *     "cognito:username": "sapessi",
+ *     "expiration": "Mon Apr 17 23:12:49 UTC 2017",
+ *     "issuedAt": "Mon Apr 17 22:12:49 UTC 2017",
+ *     "email": "[email protected]"
+ * }
+ * </pre>
+ */
+public class CognitoAuthorizerClaims {
+
+    //-------------------------------------------------------------
+    // Variables - Private
+    //-------------------------------------------------------------
+
+    @JsonProperty(value = "sub")
+    private String subject;
+    @JsonProperty(value = "aud")
+    private String audience;
+    @JsonProperty(value = "iss")
+    private String issuer;
+    @JsonProperty(value = "token_use")
+    private String tokenUse;
+    @JsonProperty(value = "cognito:username")
+    private String username;
+    private String email;
+    @JsonProperty(value = "email_verified")
+    private boolean emailVerified;
+    @JsonProperty(value = "auth_time")
+    private Long authTime;
+    @JsonProperty(value = "exp")
+    private String expiration;
+    @JsonProperty(value = "iat")
+    private String issuedAt;
+
+
+    //-------------------------------------------------------------
+    // Methods - Getter/Setter
+    //-------------------------------------------------------------
+
+    public String getSubject() { return this.subject; }
+
+
+    public void setSubject(String subject) {
+        this.subject = subject;
+    }
+
+
+    public String getAudience() {
+        return audience;
+    }
+
+
+    public void setAudience(String audience) {
+        this.audience = audience;
+    }
+
+
+    public String getIssuer() {
+        return issuer;
+    }
+
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
+
+    public String getTokenUse() {
+        return tokenUse;
+    }
+
+
+    public void setTokenUse(String tokenUse) {
+        this.tokenUse = tokenUse;
+    }
+
+
+    public String getUsername() {
+        return username;
+    }
+
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+
+    public String getEmail() {
+        return email;
+    }
+
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+
+    public boolean isEmailVerified() {
+        return emailVerified;
+    }
+
+
+    public void setEmailVerified(boolean emailVerified) {
+        this.emailVerified = emailVerified;
+    }
+
+
+    public Long getAuthTime() {
+        return authTime;
+    }
+
+
+    public void setAuthTime(Long authTime) {
+        this.authTime = authTime;
+    }
+
+
+    public String getExpiration() {
+        return expiration;
+    }
+
+
+    public void setExpiration(String expiration) {
+        this.expiration = expiration;
+    }
+
+
+    public String getIssuedAt() {
+        return issuedAt;
+    }
+
+
+    public void setIssuedAt(String issuedAt) {
+        this.issuedAt = issuedAt;
+    }
+}

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java

@@ -280,6 +280,7 @@ protected List<Map.Entry<String, String>> parseHeaderValue(String headerValue) {
         if (headerValue == null) {
             return values;
         }
+
         for (String kv : headerValue.split(HEADER_VALUE_SEPARATOR)) {
             String[] kvSplit = kv.split(HEADER_KEY_VALUE_SEPARATOR);
 

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/testutils/AwsProxyRequestBuilder.java

@@ -16,11 +16,16 @@
 import com.amazonaws.serverless.proxy.internal.model.ApiGatewayRequestContext;
 import com.amazonaws.serverless.proxy.internal.model.ApiGatewayRequestIdentity;
 import com.amazonaws.serverless.proxy.internal.model.AwsProxyRequest;
+import com.amazonaws.serverless.proxy.internal.model.CognitoAuthorizerClaims;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
+
+import java.io.File;
+import java.io.IOException;
 import java.util.HashMap;
 
 /**
@@ -156,14 +161,20 @@ public AwsProxyRequestBuilder authorizerContextValue(String key, String value) {
         if (this.request.getRequestContext().getAuthorizer() == null) {
             this.request.getRequestContext().setAuthorizer(new ApiGatewayAuthorizerContext());
         }
-        this.request.getRequestContext().getAuthorizer().put(key, value);
+        this.request.getRequestContext().getAuthorizer().setContextValue(key, value);
         return this;
     }
 
 
     public AwsProxyRequestBuilder cognitoUserPool(String identityId) {
         this.request.getRequestContext().getIdentity().setCognitoAuthenticationType("POOL");
         this.request.getRequestContext().getIdentity().setCognitoIdentityId(identityId);
+        if (this.request.getRequestContext().getAuthorizer() == null) {
+            this.request.getRequestContext().setAuthorizer(new ApiGatewayAuthorizerContext());
+        }
+        this.request.getRequestContext().getAuthorizer().setClaims(new CognitoAuthorizerClaims());
+        this.request.getRequestContext().getAuthorizer().getClaims().setSubject(identityId);
+
         return this;
     }
 
@@ -209,6 +220,18 @@ public AwsProxyRequestBuilder serverName(String serverName) {
         return this;
     }
 
+    public AwsProxyRequestBuilder fromJsonString(String jsonContent)
+            throws IOException {
+        request = mapper.readValue(jsonContent, AwsProxyRequest.class);
+        return this;
+    }
+
+    public AwsProxyRequestBuilder fromJsonPath(String filePath)
+            throws IOException {
+        request = mapper.readValue(new File(filePath), AwsProxyRequest.class);
+        return this;
+    }
+
     public AwsProxyRequest build() {
         return this.request;
     }