在AWS Lambda Spring Boot中加载自定义ApplicationContextInitializer

时间:2019-01-27 15:43:03

标签: spring amazon-web-services spring-boot aws-lambda aws-kms

如何在春季启动AWS Lambda中加载自定义ApplicationContextInitializer? 我有一个使用Spring Boot的aws lambda应用程序,我想编写一个ApplicationContextInitializer来解密数据库密码。我有以下代码在本地作为Spring Boot应用程序运行时可以运行,但是当我将其作为Lambda部署到AWS控制台时却无法正常工作。

这是我的代码 1. Applications.properties 

spring.datasource.url=url
spring.datasource.username=testuser
CIPHER.spring.datasource.password=encryptedpassword

下面的代码是ApplicationContextInitializer,假定密码是Base64编码的,仅用于测试(在实际情况下,它将由AWM KMS加密)。这里的想法是,密钥是否以“ CIPHER”开头。 (就像在CIPHER.spring.datasource.password中一样)我假定它的值需要解密,并在上下文初始化时添加具有实际密钥的另一个键值对(这里是spring.datasource.password)及其解密值。

将类似于spring.datasource.password=decrypted password 

@Component
public class DecryptedPropertyContextInitializer 
        implements ApplicationContextInitializer<ConfigurableApplicationContext> {

  private static final String CIPHER = "CIPHER.";

  @Override
  public void initialize(ConfigurableApplicationContext applicationContext) {
      ConfigurableEnvironment environment = applicationContext.getEnvironment();
      for (PropertySource<?> propertySource : environment.getPropertySources()) {
          Map<String, Object> propertyOverrides = new LinkedHashMap<>();
          decodePasswords(propertySource, propertyOverrides);
          if (!propertyOverrides.isEmpty()) {
              PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
              environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
          }
      }
  }

  private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
    if (source instanceof EnumerablePropertySource) {
        EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
        for (String key : enumerablePropertySource.getPropertyNames()) {
            Object rawValue = source.getProperty(key);
            if (rawValue instanceof String && key.startsWith(CIPHER)) {
                String cipherRemovedKey =  key.substring(CIPHER.length());
                String decodedValue = decode((String) rawValue);
                propertyOverrides.put(cipherRemovedKey, decodedValue);
            }
        }
    }
}

  public String decode(String encodedString) {
    byte[] valueDecoded = org.apache.commons.codec.binary.Base64.decodeBase64(encodedString);
    return new String(valueDecoded);
  }

这是Spring引导初始化程序

@SpringBootApplication
@ComponentScan(basePackages = "com.amazonaws.serverless.sample.springboot.controller")
public class Application extends SpringBootServletInitializer {

    @Bean
    public HandlerMapping handlerMapping() {
        return new RequestMappingHandlerMapping();
    }

    @Bean
    public HandlerAdapter handlerAdapter() {
        return new RequestMappingHandlerAdapter();
    }

    @Bean
    public HandlerExceptionResolver handlerExceptionResolver() {
        return new HandlerExceptionResolver() {
            @Override
            public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
                return null;
            }
        };
    }

   //loading the initializer here
   public static void main(String[] args) {
     SpringApplication application=new SpringApplication(Application.class);
     application.addInitializers(new DecryptedPropertyContextInitializer());
     application.run(args);
    }

这在作为Spring Boot应用程序运行时有效,但是当它作为Lambda部署到AWS中时,我的SpringBootServletInitializer中的main()方法将永远不会被lambda调用。这是我的Lambda处理程序。

public class StreamLambdaHandler implements RequestStreamHandler {
  private static Logger LOGGER = LoggerFactory.getLogger(StreamLambdaHandler.class); 

    private static SpringBootLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
    static {
        try {
            handler = SpringBootLambdaContainerHandler.getAwsProxyHandler(Application.class);
            handler.onStartup(servletContext -> {
                FilterRegistration.Dynamic registration = servletContext.addFilter("CognitoIdentityFilter", CognitoIdentityFilter.class);
                registration.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*");
            });
        } catch (ContainerInitializationException e) {
            e.printStackTrace();
            throw new RuntimeException("Could not initialize Spring Boot application", e);
        }
    }

    @Override
    public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context)
            throws IOException {
        handler.proxyStream(inputStream, outputStream, context);
        outputStream.close();
    }
}

要对代码进行什么更改以加载Lambda的ApplicationContextInitializer?任何帮助将不胜感激。

1 个答案:

答案 0 :(得分:0)

我能够通过以下方式钉住它。

首先使用带有前缀的占位符更改属性值,其中前缀表示需要解密的值,例如。

spring.datasource.password = $ {MY_PREFIX_placeHolder}

aws lambda环境变量名称应与占位符匹配

('MY_PREFIX_placeHolder'),并使用AWS KMS对该值进行加密(此示例为base64解码)。

创建一个ApplicationContextInitializer,它将解密属性值

public class DecryptedPropertyContextInitializer 
        implements ApplicationContextInitializer<ConfigurableApplicationContext> {

  private static final String CIPHER = "MY_PREFIX_";

  @Override
  public void initialize(ConfigurableApplicationContext applicationContext) {
      ConfigurableEnvironment environment = applicationContext.getEnvironment();
      for (PropertySource<?> propertySource : environment.getPropertySources()) {
          Map<String, Object> propertyOverrides = new LinkedHashMap<>();
          decodePasswords(propertySource, propertyOverrides);
          if (!propertyOverrides.isEmpty()) {
              PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
              environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
          }
      }
  }

  private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
    if (source instanceof EnumerablePropertySource) {
        EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
        for (String key : enumerablePropertySource.getPropertyNames()) {
            Object rawValue = source.getProperty(key);
            if (rawValue instanceof String && key.startsWith(CIPHER)) {
                String decodedValue = decode((String) rawValue);
                propertyOverrides.put(key, decodedValue);
            }
        }
    }
}

  public String decode(String encodedString) {
    byte[] valueDecoded = org.apache.commons.codec.binary.Base64.decodeBase64(encodedString);
    return new String(valueDecoded);
  }
}

上面的代码将解密所有前缀为MY_PREFIX_的值,并将它们添加到属性源的顶部。

由于将spring boot部署到aws lambda中,lambda将不会调用main()函数,因此,如果在main()中初始化ApplicationContextInitializer,它将无法正常工作。为了使其工作,需要重写SpringBootServletInitializer的createSpringApplicationBuilder()方法,因此SpringBootServletInitializer将类似于

@SpringBootApplication
@ComponentScan(basePackages = "com.amazonaws.serverless.sample.springboot.controller")
public class Application extends SpringBootServletInitializer {

    @Bean
    public HandlerMapping handlerMapping() {
        return new RequestMappingHandlerMapping();
    }

    @Bean
    public HandlerAdapter handlerAdapter() {
        return new RequestMappingHandlerAdapter();
    }

    @Bean
    public HandlerExceptionResolver handlerExceptionResolver() {
        return new HandlerExceptionResolver() {
            @Override
            public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
                return null;
            }
        };
    }


@Override
protected SpringApplicationBuilder createSpringApplicationBuilder() {
  SpringApplicationBuilder builder = new SpringApplicationBuilder();
  builder.initializers(new DecryptedPropertyContextInitializer());
  return builder;
}

   public static void main(String[] args) {
      SpringApplication.run(Application.class, args);
    }
}

无需对lambdahandler进行任何更改。

相关问题
最新问题