aws / serverless-java-container

A Java wrapper to run Spring, Spring Boot, Jersey, and other apps inside AWS Lambda.
https://aws.amazon.com/serverless/
Apache License 2.0

`IAM` authorizer is discarded #780

Closed emilburzo closed 7 months ago

emilburzo commented 8 months ago

Serverless Java Container version: 2.0.0

Implementations: Spring Boot 3

Framework version: SpringBoot 3.2.0

Frontend service: Lambda function URL

Deployment method: CloudFormation with AWS::Serverless-2016-10-31 transform

Scenario

I'm trying to access the SigV4 authorizer information for a lambda which is using lambda function URLs.

Although the fields are available in the context object in `StreamLambdaHandler.handleRequest`, they get discarded and aren't available in the `AwsHttpApiV2ProxyHttpServletRequest` object.

Expected behavior

The `requestContext.authorizer.iam.*` fields are accessible / not discarded.

Actual behavior

`requestContext.authorizer` is null because anything besides `jwt` or `lambda` is ignored:

https://github.com/aws/serverless-java-container/blob/main/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/HttpApiV2AuthorizerMap.java#L79-L80

Redacted sample event

```json
{
    "version": "2.0",
    "routeKey": "$default",
    "rawPath": "/healthcheck",
    "rawQueryString": "",
    "headers": {
        "x-amzn-tls-version": "TLSv1.2",
        "x-amz-date": "x",
        "x-forwarded-proto": "https",
        "x-forwarded-port": "443",
        "x-forwarded-for": "x",
        "x-amz-security-token": "x",
        "accept": "*/*",
        "x-amzn-tls-cipher-suite": "x",
        "x-amzn-trace-id": "x",
        "host": "x.lambda-url.eu-west-1.on.aws",
        "content-type": "application/json",
        "accept-encoding": "gzip, deflate, br",
        "user-agent": "x"
    },
    "requestContext": {
        "accountId": "1234",
        "apiId": "x",
        "authorizer": {
            "iam": {
                "accessKey": "x",
                "accountId": "1234",
                "callerId": "x",
                "cognitoIdentity": null,
                "principalOrgId": "x",
                "userArn": "arn:aws:sts::x:x",
                "userId": "x"
            }
        },
        "domainName": "x.lambda-url.eu-west-1.on.aws",
        "domainPrefix": "x",
        "http": {
            "method": "GET",
            "path": "/healthcheck",
            "protocol": "HTTP/1.1",
            "sourceIp": "x",
            "userAgent": "x"
        },
        "requestId": "x",
        "routeKey": "$default",
        "stage": "$default",
        "time": "28/Feb/2024:11:36:08 +0000",
        "timeEpoch": 1709120168045
    },
    "isBase64Encoded": false
}
```

mbfreder commented 8 months ago

Hey, thanks for raising the issue. Let me reproduce the issue and get back to you.

deki commented 7 months ago

Fix is now available as part of Release 2.0.1
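
Added example, not code from the project or from anyone in this thread: one way to read `requestContext.authorizer.iam` straight from the raw function URL event and fail closed when the block is absent, which is the state the issue describes. It assumes Jackson on the classpath and Java 17; `IamCallerCheck`, `IamCaller` and `ALLOWED_ACCOUNTS` are hypothetical names, and the events are constructed from the redacted sample above.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Optional;
import java.util.Set;

// Added example: not part of serverless-java-container.
public class IamCallerCheck {
    // Hypothetical allow-list; "1234" is the redacted accountId from the sample event.
    static final Set<String> ALLOWED_ACCOUNTS = Set.of("1234");
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Caller identity taken from requestContext.authorizer.iam. */
    record IamCaller(String accountId, String userArn, String principalOrgId) {}

    /** Returns the IAM caller, or empty when the iam block is missing, null or incomplete. */
    static Optional<IamCaller> extract(String rawEvent) throws Exception {
        // path() yields a MissingNode instead of null, so absent levels are safe to chain.
        JsonNode iam = MAPPER.readTree(rawEvent)
                .path("requestContext").path("authorizer").path("iam");
        if (!iam.isObject()) return Optional.empty();
        String accountId = iam.path("accountId").asText("");
        String userArn = iam.path("userArn").asText("");
        if (accountId.isEmpty() || userArn.isEmpty()) return Optional.empty();
        return Optional.of(new IamCaller(accountId, userArn,
                iam.path("principalOrgId").asText("")));
    }

    /** Fail closed: no IAM identity means deny, never "treat as anonymous". */
    static boolean isAllowed(String rawEvent) throws Exception {
        return extract(rawEvent)
                .map(c -> ALLOWED_ACCOUNTS.contains(c.accountId()))
                .orElse(false);
    }

    public static void main(String[] args) throws Exception {
        // Constructed events, trimmed from the redacted sample in the issue.
        String withIam = """
            {"requestContext":{"authorizer":{"iam":{"accountId":"1234",
             "userArn":"arn:aws:sts::x:x","principalOrgId":"x","cognitoIdentity":null}}}}""";
        String withoutAuthorizer = "{\"requestContext\":{\"authorizer\":null}}";
        System.out.println(isAllowed(withIam));
        System.out.println(isAllowed(withoutAuthorizer));
    }
}
```

The `iam` block is only populated when the function URL uses the `AWS_IAM` auth type, so an authorization decision built on it should deny whenever the block is missing rather than fall through.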