aws / aws-sdk-java

The official AWS SDK for Java 1.x. The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/
https://aws.amazon.com/sdkforjava
Apache License 2.0

AWS4Signer should provide option to set custom host header #2974

Closed voiddrum closed 2 months ago

voiddrum commented 1 year ago

Describe the feature

As of now, AWS4Signer extracts the host name from the endpoint URL and uses it to set the Host header and compute the hash to sign the request.

Ideally, if a host name is provided in the request's Host header, AWS4Signer should use that instead.

Use Case

In cases where the target host is behind a load balancer/gateway, the final host name will be that of the host which hosts the API (e.g. AWS Neptune /sparql API).

Clients should be able to set the target host name in the header in order for the target host to verify the request.

Proposed Solution

If a host name is provided in the request's Host header, AWS4Signer should use that instead of extracting it from the endpoint URL.

Other Information

The awscurl command line tool is able to honour the Host header, e.g. the invocation below works:

awscurl \
-H'Host: target_host.aws.com'  \
--access_key $AWS_ACCESS_KEY_ID \
--secret_key $AWS_SECRET_ACCESS_KEY \
--session_token $AWS_SESSION_TOKEN \
--service neptune-db \
--region us-west-2  \
-X POST -H 'Content-Type: application/sparql-query'  \
-H 'Accept: text/csv' "https://alb-host.aws.com/sparql" -d ...

Acknowledgements

AWS Java SDK version used

1.11.1009

JDK version used

11.0.16.1

Operating System and version

MacOS Ventura 13.3.1 (22E261)

voiddrum commented 1 year ago

Looks similar to https://github.com/aws/aws-sdk-ruby/issues/2339

debora-ito commented 1 year ago

So the feature request is to not overwrite the Host header if the request already has one.

It's unusual that this is needed at the AWS4Signer level. You can override the endpoint at the client level with a custom EndpointConfiguration but I guess you can't use this.

As a workaround, you can use a RequestHandler2 to change the endpoint to the hostname you want. https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/handlers/RequestHandler2.html

Just a heads up, the team is focused on working on features for the Java SDK v2, so this has a low chance of being implemented.

subuhi-nigar commented 9 months ago

It is weird of AWS4Signer to set the host as the endpoint.
StringBuilder hostHeaderBuilder = new StringBuilder(endpoint.getHost());
Due to this, we are unable to access AWS services that are running behind an NLB.
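
Added example, not part of the original thread and not SDK code: a minimal SigV4 computation in Python showing why the host value that goes into the canonical request decides whether the request verifies. It assumes the service recomputes the signature with its own host name, as the issue describes; the key, timestamp and query body are constructed sample values, and the host names are the ones from the awscurl invocation above.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not real credentials).
SECRET_KEY = "EXAMPLE-SECRET-KEY"
REGION, SERVICE = "us-west-2", "neptune-db"
AMZ_DATE = "20240101T000000Z"
BODY = b"SELECT * WHERE { ?s ?p ?o } LIMIT 1"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def canonical_request(host: str) -> str:
    """Canonical request for POST /sparql; 'host' is one of the signed headers."""
    headers = {"content-type": "application/sparql-query",
               "host": host, "x-amz-date": AMZ_DATE}
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in sorted(headers.items()))
    signed_headers = ";".join(sorted(headers))
    payload_hash = hashlib.sha256(BODY).hexdigest()
    return "\n".join(["POST", "/sparql", "", canonical_headers,
                      signed_headers, payload_hash])


def sign(host: str) -> str:
    """SigV4 signature (hex) over the canonical request built for 'host'."""
    date = AMZ_DATE[:8]
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", AMZ_DATE, scope,
        hashlib.sha256(canonical_request(host).encode()).hexdigest()])
    key = _hmac(("AWS4" + SECRET_KEY).encode(), date)
    for part in (REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def service_accepts(host_signed_by_client: str, host_used_by_service: str) -> bool:
    """Assumed verifier: recompute with the service's host, compare in constant time."""
    return hmac.compare_digest(sign(host_signed_by_client), sign(host_used_by_service))


if __name__ == "__main__":
    # Signer derives host from the endpoint URL (the load balancer): rejected.
    print(service_accepts("alb-host.aws.com", "target_host.aws.com"))
    # Signer honours the caller-supplied Host header: accepted.
    print(service_accepts("target_host.aws.com", "target_host.aws.com"))
```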

debora-ito commented 2 months ago

We don't have plans to support this in v1 before going into Maintenance Mode, so I'll go ahead and close this issue.

The recommendation is to migrate to Java SDK v2. If this issue is still relevant in v2, please open a new GitHub issue in the v2 repo and provide all the details.

Reference:

github-actions[bot] commented 2 months ago

This issue is now closed.

Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.