从 Spring Boot REST 端点访问 AWS Secrets Manager
[英]Access AWS Secrets Manager from Spring Boot REST Endpoint
问题描述
I'm trying to grab credentials from AWS Secrets Manager via a REST API endpoint that I've configured in Spring Boot.
我正在尝试通过我在 Spring Boot 中配置的 REST API 端点从 AWS Secrets Manager 获取凭证。 If I type in the URL of the endpoint + the parameter, I get the object that I expect.如果我输入端点的 URL + 参数,我会得到我期望的对象。 The site with the endpoint is hosted via AWS as well.带有端点的站点也通过 AWS 托管。
When I try to access the endpoint from my Angular development server, I consistently get 401 unauthorized.当我尝试从我的 Angular 开发服务器访问端点时,我始终得到 401 未经授权。 I use Angular's proxy to access cross-domain endpoints for Cognito to authenticate, hitting Lambda endpoints among other things and never have a problem, but I cannot get this to work with this Spring Boot endpoint.我使用 Angular 的代理来访问 Cognito 的跨域端点以进行身份验证、访问 Lambda 端点等,并且从来没有问题,但是我无法让它与这个 Spring Boot 端点一起工作。 I don't think this is a Secrets Manager or even an AWS issue after a long call with AWS Support.在与 AWS Support 长时间通话后,我认为这不是 Secrets Manager 甚至是 AWS 问题。
Spring endpoint (I'm very new to Java, so this could require specific headers maybe?): Spring 端点(我对 Java很陌生,所以这可能需要特定的标头?):
@GetMapping("/REST/getSecret")
public String getSecret(@RequestParam String name) {
String secretName = getSecretByName(name);
JsonParser parser = new JsonParser();
Object secretObj = parser.parse(secretName);
JsonObject secretKeys = (JsonObject) secretObj;
return secretKeys.toString();
}
Angular service to retrieve secret:用于检索秘密的 Angular 服务:
getSecret(secretName: String): Observable<any> {
const headers = new HttpHeaders({
'Content-Type': 'application/json',
'Cache-Control': 'public' // likely unecessary, was trying to make sure cache was clearing at the time
});
return this.http.get<any>(
// this.secretConfig.getSecretUrl() + `/getSecret?name=${secretName}`, // Live Site
this.secretConfig.getSecretUrl() + `/getSecret/${secretName}`, // Dev
{
headers: headers
}
).pipe(map(secret => JSON.parse(secret)));
}
The Live Site comment is just showing what works while the whole thing is hosted Live Site评论仅显示在托管整个内容时有效的内容
Angular Proxy:角度代理:
"/getSecret": {
"target": "https://websiteurl.com/REST/getSecret?name=",
"secure": false,
"logLevel": "debug",
"changeOrigin": true
}
The proxy configuration looks funny but this is exactly how I have it setup to run a search with a parameter via a Lambda function and that works as expected.代理配置看起来很有趣,但这正是我设置它以通过 Lambda 函数运行带有参数的搜索的方式,并且按预期工作。
My only guess at this point is there are specific headers that I may need to setup on my REST endpoint and when trying to pull the data in via the Angular HTTP call?在这一点上,我唯一的猜测是我可能需要在我的 REST 端点上设置特定的标头,以及在尝试通过 Angular HTTP 调用提取数据时? If it is a headers issue, then I could probably test everything locally with Spring Boot running on 8080 and Angular on 4200. Currently the same errors happen when both instances are run locally.如果是头文件问题,那么我可能可以使用在 8080 上运行的 Spring Boot 和在 4200 上运行的 Angular 在本地测试所有内容。目前,当两个实例都在本地运行时,会发生相同的错误。
Any help is much appreciated!任何帮助深表感谢!
1 个解决方案
解决方案1
0 2021-07-29 18:11:23
I was able to get this to work by adding a @CrossOrigin annotation to the endpoint and opening up some security settings on local via applications.properties file.我能够通过向端点添加@CrossOrigin注释并通过 applications.properties 文件在本地打开一些安全设置来使其工作。 New to Java and Spring, so very unfamiliar with how the framework works. Java 和 Spring 的新手,因此非常不熟悉该框架的工作原理。
@CrossOrigin(origins = "*", allowHeaders = "*")
@GetMapping("/REST/getSecret")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.