使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

session validation in Lambda authorizer

0

Hi, I've a B2B system that authenticate users using spring security (store tokens in Redis & set session cookie as same site, secure, http only).

I want that the authorize process will do a Lambda authorizer.

How can the lambda authorizer get this token from Redis using the session cookie & validate it?

Any oen face this issues?

Thanks!

主題
無伺服器資料庫運算前端網頁與行動裝置網路與內容交付AWS Well-Architected Framework
標籤
無伺服器Amazon ElastiCache for RedisAWS LambdaAmazon API Gateway安全性
語言
English
AWS-User-1922136
已提問 1 年前檢視次數 436 次
1 個回答
0

Your Lambda authorizer function should be attached to the VPC where Redis is running. You will include in the function a Redis SDK that will create a connection to the Redis cluster. You should create the connection outside the Lambda handler so it will be reused across all invocations.

You need to configure API Gateway to pass the Cookies header to the Lambda authorizer. When the function is invoked, it extracts the appropriate cookie from the header and validates it agains Redis. It will then return an appropriate resource policy that allows or denies the access.

profile pictureAWS
專家
Uri
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容