
java aws access authorization example_java – Using IAM authentication and Spring JDBC to access AWS ...

Published: 2023/11/27

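You can replace the default connection pool provided by Spring Boot / Tomcat with the following code snippet. It refreshes the token password every 10 minutes, because a token is valid for 15 minutes. It also assumes that the region can be extracted from the DNS hostname. If that is not the case, you need to specify the region to use.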

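package com.mydomain.jdbc;

import java.net.URI;
import java.net.URISyntaxException;
import java.sql.SQLException;
import java.util.Properties;

import org.apache.commons.lang3.StringUtils; // assumed: the page does not say which StringUtils it uses
import org.apache.tomcat.jdbc.pool.ConnectionPool;
import org.apache.tomcat.jdbc.pool.PoolConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.rds.auth.GetIamAuthTokenRequest;
import com.amazonaws.services.rds.auth.RdsIamAuthTokenGenerator;

public class RdsIamAuthDataSource extends org.apache.tomcat.jdbc.pool.DataSource {

    private static final Logger LOG = LoggerFactory.getLogger(RdsIamAuthDataSource.class);

    /**
     * The Java KeyStore (JKS) file that contains the Amazon root CAs
     */
    public static final String RDS_CACERTS = "/rds-cacerts";

    /**
     * Password for the ca-certs file.
     * The trust store holds only public CA certificates, so this is not a database credential.
     */
    public static final String PASSWORD = "changeit";

    public static final int DEFAULT_PORT = 3306;

    // No-arg constructor, used when Spring instantiates the class from the "type" property
    public RdsIamAuthDataSource() {
        super();
    }

    // Needed for "new RdsIamAuthDataSource(props)" in Java configuration; constructors are not inherited
    public RdsIamAuthDataSource(PoolConfiguration props) {
        super(props);
    }

    @Override
    public ConnectionPool createPool() throws SQLException {
        return pool != null ? pool : createPoolImpl();
    }

    protected synchronized ConnectionPool createPoolImpl() throws SQLException {
        // Re-check under the lock so two racing callers do not create two pools (and two token threads)
        if (pool == null) {
            pool = new RdsIamAuthConnectionPool(poolProperties);
        }
        return pool;
    }

    public static class RdsIamAuthConnectionPool extends ConnectionPool implements Runnable {

        // init() is called from the superclass constructor, so these fields must not have initializers
        private RdsIamAuthTokenGenerator rdsIamAuthTokenGenerator;
        private String host;
        private String region;
        private int port;
        private String username;
        private Thread tokenThread;

        public RdsIamAuthConnectionPool(PoolConfiguration prop) throws SQLException {
            super(prop);
        }

        @Override
        protected void init(PoolConfiguration prop) throws SQLException {
            try {
                // Strip the leading "jdbc:" so the rest parses as a regular URI
                URI uri = new URI(prop.getUrl().substring(5));
                this.host = uri.getHost();
                this.port = uri.getPort();
                if (this.port < 0) {
                    this.port = DEFAULT_PORT;
                }
                this.region = StringUtils.split(this.host, '.')[2]; // extract region from rds hostname
                this.username = prop.getUsername();
                this.rdsIamAuthTokenGenerator = RdsIamAuthTokenGenerator.builder()
                        .credentials(new DefaultAWSCredentialsProviderChain())
                        .region(this.region)
                        .build();
                updatePassword(prop);

                // Require TLS and trust only the CAs in the bundled key store
                final Properties props = prop.getDbProperties();
                props.setProperty("useSSL", "true");
                props.setProperty("requireSSL", "true");
                props.setProperty("trustCertificateKeyStoreUrl", getClass().getResource(RDS_CACERTS).toString());
                props.setProperty("trustCertificateKeyStorePassword", PASSWORD);

                super.init(prop);

                // Daemon thread that replaces the token before it expires
                this.tokenThread = new Thread(this, "RdsIamAuthDataSourceTokenThread");
                this.tokenThread.setDaemon(true);
                this.tokenThread.start();
            } catch (URISyntaxException e) {
                // Keep the original exception as the cause
                throw new RuntimeException(e.getMessage(), e);
            }
        }

        @Override
        public void run() {
            try {
                while (this.tokenThread != null) {
                    Thread.sleep(10 * 60 * 1000); // wait for 10 minutes, then recreate the token
                    updatePassword(getPoolProperties());
                }
            } catch (InterruptedException e) {
                LOG.debug("Background token thread interrupted");
            }
        }

        @Override
        protected void close(boolean force) {
            super.close(force);
            // Stop the refresh thread together with the pool
            Thread t = tokenThread;
            tokenThread = null;
            if (t != null) {
                t.interrupt();
            }
        }

        private void updatePassword(PoolConfiguration props) {
            String token = rdsIamAuthTokenGenerator.getAuthToken(GetIamAuthTokenRequest.builder()
                    .hostname(host)
                    .port(port)
                    .userName(this.username)
                    .build());
            // Log only the event, never the token itself
            LOG.debug("Updated IAM token for connection pool");
            props.setPassword(token);
        }
    }
}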

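Note that you need to import Amazon's root/intermediate certificates to establish a trusted connection. The example code above assumes that the certificates have been imported into a file named "rds-cacerts" that is available on the classpath. Alternatively, you can import them into the JVM's "cacerts" file.

To use this data source, you can set the following Spring properties: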

datasource:
  url: jdbc:mysql://dbhost.xyz123abc.us-east-1.rds.amazonaws.com/dbname
  username: iam_app_user
  driver-class-name: com.mysql.cj.jdbc.Driver
  type: com.mydomain.jdbc.RdsIamAuthDataSource

Using Spring Java configuration:

@Bean
public DataSource dataSource() {
    PoolConfiguration props = new PoolProperties();
    props.setUrl("jdbc:mysql://dbname.abc123xyz.us-east-1.rds.amazonaws.com/dbschema");
    props.setUsername("iam_dbuser_app");
    props.setDriverClassName("com.mysql.jdbc.Driver");
    return new RdsIamAuthDataSource(props);
}
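The connection pool class takes the region from the third dot-separated label of the hostname, which gives an unrelated label (or an array index error) when the JDBC URL points at a custom CNAME or an IP address. The following is an added example, not part of the original code: a hypothetical `RdsRegionResolver` helper that accepts only names shaped like native RDS endpoints and otherwise requires an explicitly configured region. The class and method names, the region pattern and all sample hostnames except the first are assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper (not from the page): resolves the region used to sign RDS IAM tokens. */
public final class RdsRegionResolver {

    // <name>.<id>.<region>.rds.amazonaws.com, optionally ending in .cn (China partition).
    private static final Pattern RDS_ENDPOINT = Pattern.compile(
            "^(?:[a-z0-9-]+\\.)+([a-z]{2}(?:-[a-z]+)+-\\d)\\.rds\\.amazonaws\\.com(?:\\.cn)?\\.?$");

    private RdsRegionResolver() {
    }

    /** Region parsed from a native RDS endpoint name; empty for CNAMEs, IP addresses and other hosts. */
    public static Optional<String> fromHostname(String host) {
        if (host == null) {
            return Optional.empty();
        }
        Matcher m = RDS_ENDPOINT.matcher(host.toLowerCase(Locale.ROOT));
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    /** An explicitly configured region wins, then the hostname; otherwise fail before any token is signed. */
    public static String resolve(String host, String configuredRegion) {
        if (configuredRegion != null && !configuredRegion.trim().isEmpty()) {
            return configuredRegion.trim();
        }
        return fromHostname(host).orElseThrow(() -> new IllegalArgumentException(
                "Cannot derive an AWS region from host '" + host + "'; configure the region explicitly"));
    }

    public static void main(String[] args) {
        // Constructed sample hostnames; the first is the one from the page's YAML properties.
        String[] hosts = {
            "dbhost.xyz123abc.us-east-1.rds.amazonaws.com",
            "mydb.cluster-xyz123abc.eu-central-1.rds.amazonaws.com",
            "db.internal.example.com" // custom CNAME: no region in the name
        };
        for (String h : hosts) {
            System.out.println(h + " -> " + fromHostname(h).orElse("(none, set the region explicitly)"));
        }
        System.out.println(resolve("db.internal.example.com", "us-east-1"));
    }
}
```

In `init`, the line that assigns `this.region` could call `RdsRegionResolver.resolve(this.host, configuredRegion)` instead, where `configuredRegion` is a value the application supplies from its own configuration.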
