Code examples for the AWS WAF mobile SDK - AWS WAF, AWS Firewall Manager, AWS Shield Advanced, and AWS Shield network security director

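Code examples for the AWS WAF mobile SDK

This section provides code examples for using the mobile SDK.

Initializing the token provider and getting tokens

You initialize your token provider instance with a configuration object. You can then retrieve tokens using the available operations. The following shows the basic components of the required code.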

iOS

```swift
let url: URL = URL(string: "protection pack (web ACL) integration URL")!
let configuration = WAFConfiguration(applicationIntegrationUrl: url, domainName: "Domain name")
let tokenProvider = WAFTokenProvider(configuration)

// onTokenReady can be added as an observer for UIApplication.willEnterForegroundNotification
tokenProvider.onTokenReady() { token, error in
    if let token = token {
        // token available
    }
    if let error = error {
        // error occurred after exhausting all retries
    }
}

// getToken()
let token = tokenProvider.getToken()
```

Android

Java example:

```java
String applicationIntegrationURL = "protection pack (web ACL) integration URL";
// Or: URL applicationIntegrationURL = new URL("protection pack (web ACL) integration URL");
String domainName = "Domain name";

WAFConfiguration configuration = WAFConfiguration.builder()
        .applicationIntegrationURL(applicationIntegrationURL)
        .domainName(domainName)
        .build();
// The first argument is your Application context
WAFTokenProvider tokenProvider = new WAFTokenProvider(getApplication(), configuration);

// Implement a token result callback
WAFTokenResultCallback callback = (wafToken, error) -> {
    if (wafToken != null) {
        // token available
    } else {
        // error occurred in token refresh
    }
};

// Add this callback to application creation or activity creation where the token will be used
tokenProvider.onTokenReady(callback);

// Once you have a token in the token result callback:
// if background refresh is enabled, you can call getToken() from the same token provider object;
// if background refresh is disabled, you can call getToken() directly (blocking call) for a new token
WAFToken token = tokenProvider.getToken();
```

Kotlin example:

```kotlin
import com.amazonaws.waf.mobilesdk.token.WAFConfiguration
import com.amazonaws.waf.mobilesdk.token.WAFTokenProvider
import java.net.URL

private lateinit var wafConfiguration: WAFConfiguration
private lateinit var wafTokenProvider: WAFTokenProvider

private val WAF_INTEGRATION_URL = "protection pack (web ACL) integration URL"
private val WAF_DOMAIN_NAME = "Domain name"

fun initWaf() {
    // Initialize the token provider instance
    val applicationIntegrationURL = URL(WAF_INTEGRATION_URL)
    wafConfiguration = WAFConfiguration.builder()
        .applicationIntegrationURL(applicationIntegrationURL)
        .domainName(WAF_DOMAIN_NAME)
        .backgroundRefreshEnabled(true)
        .build()
    wafTokenProvider = WAFTokenProvider(getApplication(), wafConfiguration)

    // Get the token from the token provider object
    println("WAF: " + wafTokenProvider.token.value)

    // Implement the callback where the token will be used
    wafTokenProvider.onTokenReady { wafToken, sdkError ->
        run {
            println("WAF Token:" + wafToken.value)
        }
    }
}
```

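If setTokenCookie is TRUE, the token provider includes the token cookie for you in your web requests to all locations under the path that's specified in tokenCookiePath. By default, setTokenCookie is TRUE and tokenCookiePath is /.

You can narrow the scope of the requests that include a token cookie by specifying the token cookie path, for example, /web/login. If you do this, check whether your AWS WAF rules inspect for tokens in the requests that you send to other paths. When you use the AWSManagedRulesACFPRuleSet rule group, you configure the account registration and creation paths, and the rule group checks for tokens in requests that are sent to those paths. For more information, see Adding the ACFP managed rule group to your web ACL. Similarly, when you use the AWSManagedRulesATPRuleSet rule group, you configure the login path, and the rule group checks for tokens in requests that are sent to that path. For more information, see Adding the ATP managed rule group to your protection pack (web ACL).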

iOS

When setTokenCookie is TRUE, the token provider stores the AWS WAF token in HTTPCookieStorage.shared and automatically includes the cookie in requests to the domain that you specified in WAFConfiguration.

```swift
let request = URLRequest(url: URL(string: domainEndpointUrl)!)
// The token cookie is set automatically as cookie header
let task = URLSession.shared.dataTask(with: request) { data, urlResponse, error in
}
task.resume()
```

Android

When setTokenCookie is TRUE, the token provider stores the AWS WAF token in a CookieHandler instance that's shared application wide. The token provider automatically includes the cookie in requests to the domain that you specified in WAFConfiguration.

Java example:

```java
URL url = new URL("Domain name");
// The token cookie is set automatically as cookie header
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.getResponseCode();
```

Kotlin example:

```kotlin
val url = URL("Domain name")
// The token cookie is set automatically as cookie header
val connection = (url.openConnection() as HttpsURLConnection)
connection.responseCode
```

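If you already have the CookieHandler default instance initialized, the token provider uses it to manage cookies. If not, the token provider initializes a new CookieManager instance with the AWS WAF token and CookiePolicy.ACCEPT_ORIGINAL_SERVER, and then sets this new instance as the default instance in CookieHandler.

The following code shows how the SDK initializes the cookie manager and cookie handler when they aren't available in your app.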

Java example:

```java
CookieManager cookieManager = (CookieManager) CookieHandler.getDefault();
if (cookieManager == null) {
    // Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER
    cookieManager = new CookieManager();
    CookieHandler.setDefault(cookieManager);
}
```

Kotlin example:

```kotlin
var cookieManager = CookieHandler.getDefault() as? CookieManager
if (cookieManager == null) {
    // Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER
    cookieManager = CookieManager()
    CookieHandler.setDefault(cookieManager)
}
```
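To see which request paths still carry the token cookie once tokenCookiePath is narrowed, the following added example (not from the AWS documentation or the SDK) stores a stand-in aws-waf-token cookie in a java.net.CookieManager and asks it which requests would receive a Cookie header. The domain, the token value, every path other than /web/login, and the cookie's attributes are constructed assumptions.

```java
import java.io.IOException;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpCookie;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class TokenCookiePathCheck {

    // True if the cookie manager would attach the aws-waf-token cookie to a request for this URI.
    static boolean tokenSent(CookieManager manager, URI uri) throws IOException {
        Map<String, List<String>> headers = manager.get(uri, Collections.emptyMap());
        List<String> cookieHeader = headers.get("Cookie");
        return cookieHeader != null
                && cookieHeader.stream().anyMatch(v -> v.contains("aws-waf-token="));
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: placeholder domain and request paths.
        String domain = "app.example.com";
        String tokenCookiePath = "/web/login";
        String[] inspectedPaths = {"/web/login", "/web/login/mfa", "/web/signup", "/api/orders"};

        // Same policy the page names for the cookie manager that the SDK creates.
        CookieManager manager = new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER);

        // Stand-in for the cookie that the token provider stores (value and attributes are assumptions).
        HttpCookie token = new HttpCookie("aws-waf-token", "constructed-token-value");
        token.setPath(tokenCookiePath);
        token.setSecure(true);
        manager.getCookieStore().add(URI.create("https://" + domain + tokenCookiePath), token);

        // Report, for each path a rule might inspect, whether the request would carry the token.
        for (String path : inspectedPaths) {
            URI uri = URI.create("https://" + domain + path);
            String verdict = tokenSent(manager, uri)
                    ? "token cookie sent"
                    : "NO token cookie: a rule that inspects this path sees no token";
            System.out.println(path + " -> " + verdict);
        }
    }
}
```

Replace the constructed paths with the login, registration and creation paths configured in your rule groups. Any of them reported without a token cookie falls outside the configured tokenCookiePath.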

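If you set setTokenCookie to FALSE, then you need to provide the token cookie manually, as a Cookie HTTP request header, in your requests to your protected endpoint. The following code shows how to do this.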

iOS

```swift
var request = URLRequest(url: wafProtectedEndpoint)
request.setValue("aws-waf-token=token from token provider", forHTTPHeaderField: "Cookie")
request.httpShouldHandleCookies = true
// resume() starts the task; without it the request is never sent
URLSession.shared.dataTask(with: request) { data, response, error in
}.resume()
```

Android

Java example:

```java
URL url = new URL("Domain name");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
String wafTokenCookie = "aws-waf-token=token from token provider";
connection.setRequestProperty("Cookie", wafTokenCookie);
connection.getInputStream();
```

Kotlin example:

```kotlin
val url = URL("Domain name")
val connection = (url.openConnection() as HttpsURLConnection)
val wafTokenCookie = "aws-waf-token=token from token provider"
connection.setRequestProperty("Cookie", wafTokenCookie)
connection.inputStream
```