Signing a HTTP request

[Shiva Ramagopal]

Hi,

I'm trying to use the Vert.x HttpClient to connect to AWS Elasticsearch and that requires the client to sign every request.

The official AWS documentation provides an example using the RESTClient of ES here using org.apache.http.HttpRequestInterceptor





AWS4Signer signer = new AWS4Signer(); 
signer.setServiceName(serviceName);
signer.setRegionName(region);
HttpRequestInterceptor interceptor = new AWSRequestSigningApacheInterceptor(serviceName, signer, credentialsProvider);
return new RestHighLevelClient(RestClient.builder(HttpHost.create(aesEndpoint)).setHttpClientConfigCallback(hacb -> hacb.addInterceptorLast(interceptor)));

I'm not able to find in the Vertx documentation on setting a request interceptor on either the WebClient or HttpClient. I'd really appreciate some help on this!

Thanks,
Shiva

[Julien Ponge]

Hi Shiva,

In your specific case you may want to look at https://reactiverse.io/elasticsearch-client/ which is based on the official ES client.

It can avoid you doing HTTP requests manually by using the asynchronous bits from the ES client, and also make sure you respect the Vert.x threading model.

- Julien

--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/e936c854-1ffe-42e7-ac06-0dd1d98baf0a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Shiva Ramagopal]

Thanks Julien. Will check this out.

Its nice that this client supports the Vert.x threading model.

[Bruce Wang]

Hi Shiva and Julien,

May I know how you resolve this issue at last ?

I am just facing the same requirement.

I am developing a reverse proxy which will forward users' requests to Elasticsearch. This reverse proxy can do some throttling to avoid elasticsearch overload, as well as some statistics.

The implementation is simple, will create an io.vertx.ext.web.client.HttpRequest object and append all the headers from original requests and invoke the vert.x HttpRequest's sendBuffer function to send the request to elasticsearch. When got the response just return the response to users.

The users'  original requests have headers of aws sign auth tokens for resource based access control of elasticsearch.

But now, I have to implement some own aws sign to let the reverse proxy can skip the elasticsearch domain access policy (sign for a role that have es:* permission on the domain),  for this requirement, I need to sign some kind of the user's requests. But I don't want to use the elasticsearch rest client, that will add performance overhead and also impact my current design. Just want to sign the io.vertx.ext.web.client.HttpRequest by AWSRequestSigningApacheInterceptor by cannot find a way.

Thanks a lot.

Bruce

[Bruce Wang]

Hi Julien ,

If I need to use the io.vertx.ext.web.client.HttpRequest , I cannot leverage the project: https://reactiverse.io/elasticsearch-client/

Is there an approach to sign io.vertx.ext.web.client.HttpRequest ?

Thanks in advance.