本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
为 AWS WAF 移动 SDK 编写代码
此部分提供使用软件开发工具包的代码示例。
初始化令牌提供程序并获取令牌
您可以使用配置对象启动令牌提供程序实例。然后,您可以使用可用操作检索令牌。以下是所需代码的基本组件。
- iOS
-
let url: URL = URL(string: "
Web ACL integration URL
")! let configuration = WAFConfiguration(applicationIntegrationUrl: url, domainName: "Domain name
") let tokenProvider = WAFTokenProvider(configuration) //onTokenReady can be add as an observer for UIApplication.willEnterForegroundNotification self.tokenProvider.onTokenReady() { token, error in if let token = token { //token available } if let error = error { //error occurred after exhausting all retries } } //getToken() let token = tokenProvider.getToken() - Android
-
Java 示例:
String applicationIntegrationURL = "
Web ACL integration URL
"; //Or URL applicationIntegrationURL = new URL("Web ACL integration URL
"); String domainName = "Domain name
"; WAFConfiguration configuration = WAFConfiguration.builder().applicationIntegrationURL(applicationIntegrationURL).domainName(domainName).build(); WAFTokenProvider tokenProvider = new WAFTokenProvider(Application context
, configuration); // implement a token result callback WAFTokenResultCallback callback = (wafToken, error) -> { if (wafToken != null) { // token available } else { // error occurred in token refresh } }; // Add this callback to application creation or activity creation where token will be used tokenProvider.onTokenReady(callback); // Once you have token in token result callback // if background refresh is enabled you can call getToken() from same tokenprovider object // if background refresh is disabled you can directly call getToken()(blocking call) for new token WAFToken token = tokenProvider.getToken();Kotlin 示例:
import com.amazonaws.waf.mobilesdk.token.WAFConfiguration import com.amazonaws.waf.mobilesdk.token.WAFTokenProvider private lateinit var wafConfiguration: WAFConfiguration private lateinit var wafTokenProvider: WAFTokenProvider private val WAF_INTEGRATION_URL = "
Web ACL integration URL
" private val WAF_DOMAIN_NAME = "Domain name
" fun initWaf() { // Initialize the tokenprovider instance val applicationIntegrationURL = URL(WAF_INTEGRATION_URL) wafConfiguration = WAFConfiguration.builder().applicationIntegrationURL(applicationIntegrationURL) .domainName(WAF_DOMAIN_NAME).backgroundRefreshEnabled(true).build() wafTokenProvider = WAFTokenProvider(getApplication(), wafConfiguration) // getToken from tokenprovider object println("WAF: "+ wafTokenProvider.token.value) // implement callback for where token will be used wafTokenProvider.onTokenReady { wafToken, sdkError -> run { println("WAF Token:" + wafToken.value) } } }
允许软件开发工具包在您的 HTTP 请求中提供令牌 Cookie
如果 setTokenCookie
是 TRUE
,令牌提供者会在您向 tokenCookiePath
中指定的路径下的所有位置发出的网络请求中为您包含令牌 Cookie。默认情况下,setTokenCookie
为 TRUE
,tokenCookiePath
为 /
。
您可以通过指定令牌 Cookie 路径来缩小包含令牌 Cookie 的请求的范围,例如 /web/login
。如果您这样做,请检查您的 AWS WAF 规则是否未检查您发送到其他路径的请求中的令牌。使用 AWSManagedRulesACFPRuleSet
规则组时,您可以配置账户注册和创建路径,规则组会检查发送到这些路径的请求中的令牌。有关更多信息,请参阅 将 ACFP 托管规则组添加到您的 Web ACL。同样,当您使用 AWSManagedRulesATPRuleSet
规则组时,您可以配置登录路径,规则组会检查发送到该路径的请求中的令牌。有关更多信息,请参阅 将 ATP 托管规则组添加到您的 Web ACL。
- iOS
-
如果
setTokenCookie
是TRUE
,则令牌提供者会将 AWS WAF 令牌存储在 a 中,HTTPCookieStorage.shared
并自动将该 Cookie 包含在对您在中指定的域的请求中WAFConfiguration
。let request = URLRequest(url: URL(string: domainEndpointUrl)!) //The token cookie is set automatically as cookie header let task = URLSession.shared.dataTask(with: request) { data, urlResponse, error in }.resume()
- Android
-
如果
setTokenCookie
是TRUE
,则令牌提供者将 AWS WAF 令牌存储在应用程序范围内共享的CookieHandler
实例中。令牌提供程序会自动将 Cookie 包含在对您在WAFConfiguration
中指定的域的请求中。Java 示例:
URL url = new URL("
Domain name
"); //The token cookie is set automatically as cookie header HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.getResponseCode();Kotlin 示例:
val url = URL("
Domain name
") //The token cookie is set automatically as cookie header val connection = (url.openConnection() as HttpsURLConnection) connection.responseCode如果您已经初始化了
CookieHandler
默认实例,则令牌提供程序将使用它来管理 Cookie。否则,令牌提供者将使用该令 AWS WAF 牌初始化一个新CookieManager
实例,CookiePolicy.ACCEPT_ORIGINAL_SERVER
然后将此新实例设置为中的默认实例CookieHandler
。以下代码显示了当 Cookie 管理器和 Cookie 处理程序在您的应用程序中不可用时,软件开发工具包如何对其进行初始化。
Java 示例:
CookieManager cookieManager = (CookieManager) CookieHandler.getDefault(); if (cookieManager == null) { // Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER cookieManager = new CookieManager(); CookieHandler.setDefault(cookieManager); }
Kotlin 示例:
var cookieManager = CookieHandler.getDefault() as? CookieManager if (cookieManager == null) { // Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER cookieManager = CookieManager() CookieHandler.setDefault(cookieManager) }
在您的 HTTP 请求中手动提供令牌 Cookie
如果您将 setTokenCookie
设置为 FALSE
,则需要在向受保护端点发出的请求中手动提供令牌 Cookie,作为 Cookie HTTP 请求标头。以下代码演示了如何执行此操作。
- iOS
-
var request = URLRequest(url: wafProtectedEndpoint) request.setValue("aws-waf-token=
token from token provider
", forHTTPHeaderField: "Cookie") request.httpShouldHandleCookies = true URLSession.shared.dataTask(with: request) { data, response, error in } - Android
-
Java 示例:
URL url = new URL("
Domain name
"); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); String wafTokenCookie = "aws-waf-token=token from token provider
"; connection.setRequestProperty("Cookie", wafTokenCookie); connection.getInputStream();Kotlin 示例:
val url = URL("
Domain name
") val connection = (url.openConnection() as HttpsURLConnection) val wafTokenCookie = "aws-waf-token=token from token provider" connection.setRequestProperty("Cookie", wafTokenCookie) connection.inputStream