Code examples for the AWS WAF mobile SDK - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced


Code examples for the AWS WAF mobile SDK

This section provides code examples for using the mobile SDK.

Initializing the token provider and getting tokens

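You initiate your token provider instance using a configuration object. Then you can retrieve tokens using the available operations. The following shows the basic components of the required code.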

iOS

```swift
let url: URL = URL(string: "Web ACL integration URL")!
let configuration = WAFConfiguration(applicationIntegrationUrl: url, domainName: "Domain name")
let tokenProvider = WAFTokenProvider(configuration)

// onTokenReady can be added as an observer for UIApplication.willEnterForegroundNotification
tokenProvider.onTokenReady() { token, error in
    if let token = token {
        // token available
    }

    if let error = error {
        // error occurred after exhausting all retries
    }
}

// getToken()
let token = tokenProvider.getToken()
```

Android

Java example:

```java
String applicationIntegrationURL = "Web ACL integration URL";
// Or: URL applicationIntegrationURL = new URL("Web ACL integration URL");
String domainName = "Domain name";

WAFConfiguration configuration = WAFConfiguration.builder()
        .applicationIntegrationURL(applicationIntegrationURL)
        .domainName(domainName)
        .build();
// applicationContext is your app's Application context
WAFTokenProvider tokenProvider = new WAFTokenProvider(applicationContext, configuration);

// Implement a token result callback
WAFTokenResultCallback callback = (wafToken, error) -> {
    if (wafToken != null) {
        // token available
    } else {
        // error occurred in token refresh
    }
};

// Add this callback to application creation or activity creation where the token will be used
tokenProvider.onTokenReady(callback);

// Once you have a token in the token result callback:
// if background refresh is enabled, you can call getToken() from the same token provider object
// if background refresh is disabled, you can call getToken() directly (blocking call) for a new token
WAFToken token = tokenProvider.getToken();
```

Kotlin example:

```kotlin
import com.amazonaws.waf.mobilesdk.token.WAFConfiguration
import com.amazonaws.waf.mobilesdk.token.WAFTokenProvider
import java.net.URL

private lateinit var wafConfiguration: WAFConfiguration
private lateinit var wafTokenProvider: WAFTokenProvider

private val WAF_INTEGRATION_URL = "Web ACL integration URL"
private val WAF_DOMAIN_NAME = "Domain name"

fun initWaf() {
    // Initialize the token provider instance
    val applicationIntegrationURL = URL(WAF_INTEGRATION_URL)
    wafConfiguration =
        WAFConfiguration.builder().applicationIntegrationURL(applicationIntegrationURL)
            .domainName(WAF_DOMAIN_NAME).backgroundRefreshEnabled(true).build()
    wafTokenProvider = WAFTokenProvider(getApplication(), wafConfiguration)

    // getToken from the token provider object
    println("WAF: " + wafTokenProvider.token.value)

    // Implement the callback where the token will be used
    wafTokenProvider.onTokenReady { wafToken, sdkError ->
        run {
            println("WAF Token:" + wafToken.value)
        }
    }
}
```

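If setTokenCookie is TRUE, the token provider includes the token cookie for you in your web requests to all locations under the path that's specified in tokenCookiePath. By default, setTokenCookie is TRUE and tokenCookiePath is /.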

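You can narrow the scope of the requests that include a token cookie by specifying the token cookie path, for example, /web/login. If you do this, check that your AWS WAF rules don't inspect for tokens in the requests that you send to other paths. When you use the AWSManagedRulesACFPRuleSet rule group, you configure the account registration and creation paths, and the rule group checks for tokens in requests that are sent to those paths. For more information, see Adding the ACFP managed rule group to your web ACL. Similarly, when you use the AWSManagedRulesATPRuleSet rule group, you configure the login path, and the rule group checks for tokens in requests that are sent to that path. For more information, see Adding the ATP managed rule group to your web ACL.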

iOS

When setTokenCookie is TRUE, the token provider stores the AWS WAF token in HTTPCookieStorage.shared and automatically includes the cookie in requests to the domain that you specified in WAFConfiguration.

```swift
let request = URLRequest(url: URL(string: domainEndpointUrl)!)
// The token cookie is set automatically as cookie header
URLSession.shared.dataTask(with: request) { data, urlResponse, error in
}.resume()
```

Android

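When setTokenCookie is TRUE, the token provider stores the AWS WAF token in a CookieHandler instance that's shared application wide. The token provider automatically includes the cookie in requests to the domain that you specified in WAFConfiguration.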

Java example:

```java
URL url = new URL("Domain name");
// The token cookie is set automatically as cookie header
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.getResponseCode();
```

Kotlin example:

```kotlin
val url = URL("Domain name")
// The token cookie is set automatically as cookie header
val connection = (url.openConnection() as HttpsURLConnection)
connection.responseCode
```

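If you already have the CookieHandler default instance initialized, the token provider uses it to manage cookies. If not, the token provider initializes a new CookieManager instance with the AWS WAF token and CookiePolicy.ACCEPT_ORIGINAL_SERVER and then sets this new instance as the default instance in CookieHandler.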

The following code shows how the SDK initializes the cookie manager and cookie handler when they aren't available in your app.

Java example:

```java
CookieManager cookieManager = (CookieManager) CookieHandler.getDefault();
if (cookieManager == null) {
    // Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER
    cookieManager = new CookieManager();
    CookieHandler.setDefault(cookieManager);
}
```

Kotlin example:

```kotlin
var cookieManager = CookieHandler.getDefault() as? CookieManager
if (cookieManager == null) {
    // Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER
    cookieManager = CookieManager()
    CookieHandler.setDefault(cookieManager)
}
```
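The following is an added example, not code from the AWS documentation or the SDK. It uses java.net.CookieManager directly to show which requests carry aws-waf-token when the token cookie path is narrowed to /web/login, so you can compare that against the paths your web ACL rules inspect. The host app.example.com, the token value, the list of inspected paths, and the cookie attributes are constructed assumptions; in a real app the token provider creates the cookie.

```java
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.util.Collections;
import java.util.List;

public class TokenCookieScopeCheck {
    // True if the default CookieHandler would attach aws-waf-token to a request for uri.
    static boolean carriesToken(URI uri) throws Exception {
        List<String> cookies = CookieHandler.getDefault()
                .get(uri, Collections.emptyMap())
                .getOrDefault("Cookie", Collections.emptyList());
        return cookies.stream().anyMatch(c -> c.startsWith("aws-waf-token="));
    }

    public static void main(String[] args) throws Exception {
        // Same fallback the page describes: create a CookieManager only if none is set.
        if (CookieHandler.getDefault() == null) {
            CookieHandler.setDefault(new CookieManager()); // CookiePolicy.ACCEPT_ORIGINAL_SERVER
        }
        CookieManager manager = (CookieManager) CookieHandler.getDefault();

        // Constructed stand-in for the cookie the token provider stores (assumed attributes).
        String base = "https://app.example.com";   // hypothetical protected domain
        HttpCookie token = new HttpCookie("aws-waf-token", "constructed-token-value");
        token.setPath("/web/login");                // narrowed tokenCookiePath
        token.setVersion(0);                        // plain name=value Cookie header
        manager.getCookieStore().add(URI.create(base), token);

        // Hypothetical paths that your web ACL rules inspect for a token.
        String[] inspectedPaths = {"/web/login", "/web/signup", "/api/orders"};
        for (String path : inspectedPaths) {
            boolean ok = carriesToken(URI.create(base + path));
            System.out.println(path + " -> " + (ok ? "token cookie sent" : "NO token cookie"));
        }
    }
}
```

Any inspected path reported without the token cookie needs either a wider tokenCookiePath or a rule scope that excludes it.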

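If you set setTokenCookie to FALSE, then you need to provide the token cookie manually, as a Cookie HTTP request header, in your requests to your protected endpoint. The following code shows how to do this.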

iOS

```swift
var request = URLRequest(url: wafProtectedEndpoint)
request.setValue("aws-waf-token=token from token provider", forHTTPHeaderField: "Cookie")
request.httpShouldHandleCookies = true
URLSession.shared.dataTask(with: request) { data, response, error in }.resume()
```

Android

Java example:

```java
URL url = new URL("Domain name");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
String wafTokenCookie = "aws-waf-token=token from token provider";
connection.setRequestProperty("Cookie", wafTokenCookie);
connection.getInputStream();
```

Kotlin example:

```kotlin
val url = URL("Domain name")
val connection = (url.openConnection() as HttpsURLConnection)
val wafTokenCookie = "aws-waf-token=token from token provider"
connection.setRequestProperty("Cookie", wafTokenCookie)
connection.inputStream
```