Additional changes and unit tests for ALB support (aws#214). Turns out that the behavior between ALB and API Gateway differs: ALB does not decode encoded query parameters, API Gateway does.

Author: sapessi

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java

@@ -234,7 +234,11 @@ public String getContextPath() {
     @Override
     public String getQueryString() {
         try {
-            return this.generateQueryString(request.getMultiValueQueryStringParameters(), true, config.getUriEncoding());
+            return this.generateQueryString(
+                    request.getMultiValueQueryStringParameters(),
+                    // ALB does not automatically decode parameters, so we don't want to re-encode them
+                    request.getRequestSource() != AwsProxyRequest.RequestSource.ALB,
+                    config.getUriEncoding());
         } catch (ServletException e) {
             log.error("Could not generate query string", e);
             return null;

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/testutils/AwsProxyRequestBuilder.java

@@ -19,6 +19,7 @@
 import com.amazonaws.serverless.proxy.model.ApiGatewayRequestIdentity;
 import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
 import com.amazonaws.serverless.proxy.model.CognitoAuthorizerClaims;
+import com.amazonaws.serverless.proxy.model.ContainerConfig;
 import com.amazonaws.serverless.proxy.model.Headers;
 import com.amazonaws.serverless.proxy.model.MultiValuedTreeMap;
 
@@ -36,6 +37,9 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
@@ -184,7 +188,24 @@ public AwsProxyRequestBuilder queryString(String key, String value) {
             this.request.setMultiValueQueryStringParameters(new MultiValuedTreeMap<>());
         }
 
-        this.request.getMultiValueQueryStringParameters().add(key, value);
+        if (request.getRequestSource() == AwsProxyRequest.RequestSource.API_GATEWAY) {
+            this.request.getMultiValueQueryStringParameters().add(key, value);
+        }
+        // ALB does not decode parameters automatically like API Gateway.
+        if (request.getRequestSource() == AwsProxyRequest.RequestSource.ALB) {
+            String albValue = value;
+            try {
+                //if (URLDecoder.decode(value, ContainerConfig.DEFAULT_CONTENT_CHARSET).equals(value)) {
+                // TODO: Assume we are always given an unencoded value, smarter check here to encode
+                // only if necessary
+                    albValue = URLEncoder.encode(value, ContainerConfig.DEFAULT_CONTENT_CHARSET);
+                //}
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+                throw new RuntimeException(e);
+            }
+            this.request.getMultiValueQueryStringParameters().add(key, albValue);
+        }
         return this;
     }
 
@@ -219,14 +240,20 @@ public AwsProxyRequestBuilder binaryBody(InputStream is)
 
 
     public AwsProxyRequestBuilder authorizerPrincipal(String principal) {
-        if (this.request.getRequestContext().getAuthorizer() == null) {
-            this.request.getRequestContext().setAuthorizer(new ApiGatewayAuthorizerContext());
+        if (this.request.getRequestSource() == AwsProxyRequest.RequestSource.API_GATEWAY) {
+            if (this.request.getRequestContext().getAuthorizer() == null) {
+                this.request.getRequestContext().setAuthorizer(new ApiGatewayAuthorizerContext());
+            }
+            this.request.getRequestContext().getAuthorizer().setPrincipalId(principal);
+            if (this.request.getRequestContext().getAuthorizer().getClaims() == null) {
+                this.request.getRequestContext().getAuthorizer().setClaims(new CognitoAuthorizerClaims());
+            }
+            this.request.getRequestContext().getAuthorizer().getClaims().setSubject(principal);
         }
-        this.request.getRequestContext().getAuthorizer().setPrincipalId(principal);
-        if (this.request.getRequestContext().getAuthorizer().getClaims() == null) {
-            this.request.getRequestContext().getAuthorizer().setClaims(new CognitoAuthorizerClaims());
+        if (this.request.getRequestSource() == AwsProxyRequest.RequestSource.ALB) {
+            header("x-amzn-oidc-identity", principal);
+            header("x-amzn-oidc-accesstoken", Base64.getMimeEncoder().encodeToString("test-token".getBytes()));
         }
-        this.request.getRequestContext().getAuthorizer().getClaims().setSubject(principal);
         return this;
     }
 

aws-serverless-java-container-jersey/src/test/java/com/amazonaws/serverless/proxy/jersey/JerseyAwsProxyTest.java

@@ -30,19 +30,24 @@
 import org.glassfish.jersey.logging.LoggingFeature;
 import org.glassfish.jersey.server.ResourceConfig;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.UUID;
 
 import static org.junit.Assert.*;
 
 /**
  * Unit test class for the Jersey AWS_PROXY default implementation
  */
+@RunWith(Parameterized.class)
 public class JerseyAwsProxyTest {
     private static final String CUSTOM_HEADER_KEY = "x-custom-header";
     private static final String CUSTOM_HEADER_VALUE = "my-custom-value";
@@ -59,9 +64,28 @@ public class JerseyAwsProxyTest {
 
     private static Context lambdaContext = new MockLambdaContext();
 
+    private boolean isAlb;
+
+    public JerseyAwsProxyTest(boolean alb) {
+        isAlb = alb;
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object> data() {
+        return Arrays.asList(new Object[] { false, true });
+    }
+    
+    private AwsProxyRequestBuilder getRequestBuilder(String path, String method) {
+        AwsProxyRequestBuilder builder = new AwsProxyRequestBuilder(path, method);
+        if (isAlb) builder.alb();
+        
+        return builder;
+    }
+
+
     @Test
     public void alb_basicRequest_expectSuccess() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/headers", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/headers", "GET")
                                           .json()
                                           .header(CUSTOM_HEADER_KEY, CUSTOM_HEADER_VALUE)
                                           .alb()
@@ -78,7 +102,7 @@ public void alb_basicRequest_expectSuccess() {
 
     @Test
     public void headers_getHeaders_echo() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/headers", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/headers", "GET")
                 .json()
                 .header(CUSTOM_HEADER_KEY, CUSTOM_HEADER_VALUE)
                 .build();
@@ -92,7 +116,7 @@ public void headers_getHeaders_echo() {
 
     @Test
     public void headers_servletRequest_echo() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/servlet-headers", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/servlet-headers", "GET")
                 .json()
                 .header(CUSTOM_HEADER_KEY, CUSTOM_HEADER_VALUE)
                 .build();
@@ -106,7 +130,7 @@ public void headers_servletRequest_echo() {
 
     @Test
     public void context_servletResponse_setCustomHeader() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/servlet-response", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/servlet-response", "GET")
                                           .json()
                                           .build();
 
@@ -117,7 +141,7 @@ public void context_servletResponse_setCustomHeader() {
 
     @Test
     public void context_serverInfo_correctContext() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/servlet-context", "GET").build();
+        AwsProxyRequest request = getRequestBuilder("/echo/servlet-context", "GET").build();
         AwsProxyResponse output = handler.proxy(request, lambdaContext);
         for (String header : output.getMultiValueHeaders().keySet()) {
             System.out.println(header + ": " + output.getMultiValueHeaders().getFirst(header));
@@ -130,7 +154,7 @@ public void context_serverInfo_correctContext() {
 
     @Test
     public void requestScheme_valid_expectHttps() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/scheme", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/scheme", "GET")
                                           .json()
                                           .build();
 
@@ -143,7 +167,7 @@ public void requestScheme_valid_expectHttps() {
 
     @Test
     public void requestFilter_injectsServletRequest_expectCustomAttribute() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/filter-attribute", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/filter-attribute", "GET")
                                           .json()
                                           .build();
 
@@ -156,21 +180,24 @@ public void requestFilter_injectsServletRequest_expectCustomAttribute() {
 
     @Test
     public void authorizer_securityContext_customPrincipalSuccess() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/authorizer-principal", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/authorizer-principal", "GET")
                 .json()
                 .authorizerPrincipal(AUTHORIZER_PRINCIPAL_ID)
                 .build();
 
         AwsProxyResponse output = handler.proxy(request, lambdaContext);
-        assertEquals(200, output.getStatusCode());
-        assertEquals("application/json", output.getMultiValueHeaders().getFirst("Content-Type"));
+        if (!isAlb) {
+            assertEquals(200, output.getStatusCode());
+            assertEquals("application/json", output.getMultiValueHeaders().getFirst("Content-Type"));
+            validateSingleValueModel(output, AUTHORIZER_PRINCIPAL_ID);
+        }
+
 
-        validateSingleValueModel(output, AUTHORIZER_PRINCIPAL_ID);
     }
 
     @Test
     public void authorizer_securityContext_customAuthorizerContextSuccess() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/authorizer-context", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/authorizer-context", "GET")
                 .json()
                 .authorizerPrincipal(AUTHORIZER_PRINCIPAL_ID)
                 .authorizerContextValue(CUSTOM_HEADER_KEY, CUSTOM_HEADER_VALUE)
@@ -186,15 +213,15 @@ public void authorizer_securityContext_customAuthorizerContextSuccess() {
 
     @Test
     public void errors_unknownRoute_expect404() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/test33", "GET").build();
+        AwsProxyRequest request = getRequestBuilder("/echo/test33", "GET").build();
 
         AwsProxyResponse output = handler.proxy(request, lambdaContext);
         assertEquals(404, output.getStatusCode());
     }
 
     @Test
     public void error_contentType_invalidContentType() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/json-body", "POST")
+        AwsProxyRequest request = getRequestBuilder("/echo/json-body", "POST")
                 .header("Content-Type", "application/octet-stream")
                 .body("asdasdasd")
                 .build();
@@ -205,7 +232,7 @@ public void error_contentType_invalidContentType() {
 
     @Test
     public void error_statusCode_methodNotAllowed() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/status-code", "POST")
+        AwsProxyRequest request = getRequestBuilder("/echo/status-code", "POST")
                 .json()
                 .queryString("status", "201")
                 .build();
@@ -218,7 +245,7 @@ public void error_statusCode_methodNotAllowed() {
     public void responseBody_responseWriter_validBody() throws JsonProcessingException {
         SingleValueModel singleValueModel = new SingleValueModel();
         singleValueModel.setValue(CUSTOM_HEADER_VALUE);
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/json-body", "POST")
+        AwsProxyRequest request = getRequestBuilder("/echo/json-body", "POST")
                 .json()
                 .body(objectMapper.writeValueAsString(singleValueModel))
                 .build();
@@ -232,7 +259,7 @@ public void responseBody_responseWriter_validBody() throws JsonProcessingExcepti
 
     @Test
     public void statusCode_responseStatusCode_customStatusCode() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/status-code", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/status-code", "GET")
                 .json()
                 .queryString("status", "201")
                 .build();
@@ -243,7 +270,7 @@ public void statusCode_responseStatusCode_customStatusCode() {
 
     @Test
     public void base64_binaryResponse_base64Encoding() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/binary", "GET").build();
+        AwsProxyRequest request = getRequestBuilder("/echo/binary", "GET").build();
 
         AwsProxyResponse response = handler.proxy(request, lambdaContext);
         assertNotNull(response.getBody());
@@ -252,7 +279,7 @@ public void base64_binaryResponse_base64Encoding() {
 
     @Test
     public void exception_mapException_mapToNotImplemented() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/exception", "GET").build();
+        AwsProxyRequest request = getRequestBuilder("/echo/exception", "GET").build();
 
         AwsProxyResponse response = handler.proxy(request, lambdaContext);
         assertNotNull(response.getBody());
@@ -262,7 +289,7 @@ public void exception_mapException_mapToNotImplemented() {
 
     @Test
     public void stripBasePath_route_shouldRouteCorrectly() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/custompath/echo/status-code", "GET")
+        AwsProxyRequest request = getRequestBuilder("/custompath/echo/status-code", "GET")
                                           .json()
                                           .queryString("status", "201")
                                           .build();
@@ -274,7 +301,7 @@ public void stripBasePath_route_shouldRouteCorrectly() {
 
     @Test
     public void stripBasePath_route_shouldReturn404WithStageAsContext() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/custompath/echo/status-code", "GET")
+        AwsProxyRequest request = getRequestBuilder("/custompath/echo/status-code", "GET")
                                           .stage("prod")
                                           .json()
                                           .queryString("status", "201")
@@ -289,7 +316,7 @@ public void stripBasePath_route_shouldReturn404WithStageAsContext() {
 
     @Test
     public void stripBasePath_route_shouldReturn404() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/custompath/echo/status-code", "GET")
+        AwsProxyRequest request = getRequestBuilder("/custompath/echo/status-code", "GET")
                                           .json()
                                           .queryString("status", "201")
                                           .build();
@@ -301,7 +328,7 @@ public void stripBasePath_route_shouldReturn404() {
 
     @Test
     public void securityContext_injectPrincipal_expectPrincipalName() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/security-context", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/security-context", "GET")
                                           .authorizerPrincipal(USER_PRINCIPAL).build();
 
         AwsProxyResponse resp = handler.proxy(request, lambdaContext);
@@ -311,7 +338,7 @@ public void securityContext_injectPrincipal_expectPrincipalName() {
 
     @Test
     public void emptyStream_putNullBody_expectPutToSucceed() {
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/empty-stream/" + CUSTOM_HEADER_KEY + "/test/2", "PUT")
+        AwsProxyRequest request = getRequestBuilder("/echo/empty-stream/" + CUSTOM_HEADER_KEY + "/test/2", "PUT")
                                           .nullBody()
                                           .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                                           .build();
@@ -323,7 +350,7 @@ public void emptyStream_putNullBody_expectPutToSucceed() {
     @Test
     public void refererHeader_headerParam_expectCorrectInjection() {
         String refererValue = "test-referer";
-        AwsProxyRequest request = new AwsProxyRequestBuilder("/echo/referer-header", "GET")
+        AwsProxyRequest request = getRequestBuilder("/echo/referer-header", "GET")
                                           .nullBody()
                                           .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                                           .header("Referer", refererValue)