У меня есть простой тестовый код аутентификации через Cognito на Java со Spring Boot. Он отлично работает на моём локальном компьютере, но на удалённом сервере (CentOS) ведёт себя очень странно: если пользователь не существует в пуле, он продолжает создавать и пересоздавать новые потоки и отправлять запрос.
Код:
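/**
 * Checks a username/password pair against the Cognito user pool through the
 * server-side {@code ADMIN_NO_SRP_AUTH} flow.
 *
 * @param username value sent to Cognito as the {@code USERNAME} auth parameter
 * @param password value sent to Cognito as the {@code PASSWORD} auth parameter
 * @return {@code true} when {@code adminInitiateAuth} returns without throwing
 *         (this includes responses that carry a pending challenge instead of
 *         tokens); {@code false} when any exception is caught
 */
protected boolean isValidCognito(String username, String password) {
    // Retrieving the AWS credentials from the default instance profile credentials instead of ".withCredentials()".
    // More info on https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
    // NOTE(review): SDK clients are thread-safe and meant to be reused; building one per
    // call allocates a fresh HTTP connection pool each time. Prefer a single shared client
    // (a field or Spring bean); until then the finally block below releases this one.
    AWSCognitoIdentityProvider awsCognitoIDPClient = AWSCognitoIdentityProviderClientBuilder.standard().build();
    try {
        Map<String, String> authParams = new HashMap<>();
        authParams.put("USERNAME", username);
        authParams.put("PASSWORD", password);
        AdminInitiateAuthRequest initialRequest = new AdminInitiateAuthRequest()
                .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
                .withAuthParameters(authParams)
                .withClientId(COGNITO_CLIENT_ID)
                .withUserPoolId(COGNITO_POOL_ID);

        AdminInitiateAuthResult initialResponse = awsCognitoIDPClient.adminInitiateAuth(initialRequest);

        // NOTE(review): when no AuthenticationResult is present, Cognito has answered with a
        // challenge (a further step such as MFA or a forced password change) and the sign-in
        // is not complete. The return value is kept as-is for existing callers, but anything
        // that treats "true" as a fully authenticated session must check this case.
        if (initialResponse.getAuthenticationResult() == null) {
            logger.warn("Cognito returned challenge " + initialResponse.getChallengeName()
                    + " instead of tokens; authentication is not complete.");
        }

        // The challenge map may be absent when no challenge was issued; guard it so a
        // successful sign-in is not turned into "false" by a NullPointerException.
        Map<String, String> challengeParams = initialResponse.getChallengeParameters();
        String cognitoUserIdForSrp = challengeParams == null ? null : challengeParams.get("USER_ID_FOR_SRP");
        String cognitoUserAttributes = challengeParams == null ? null : challengeParams.get("userAttributes");
        // userAttributes can hold personal data; keep this at debug level and off in production.
        logger.debug("Cognito authenticated user ID: " + cognitoUserIdForSrp
                + " with user attributes: " + cognitoUserAttributes);
        return true;
    } catch (NotAuthorizedException nae) {
        // The username comes straight from the login request: strip line breaks so it
        // cannot forge extra log entries.
        String loggedName = username == null ? null : username.replaceAll("[\\r\\n]", "_");
        logger.error("Invalid Cognito username/password provided for " + loggedName);
        return false;
    } catch (AWSCognitoIdentityProviderException acipe) {
        // Log the exception itself: the service error code is what tells a missing user
        // apart from a disabled auth flow or a permissions problem.
        logger.error("Amazon Cognito Identity Provider Error!", acipe);
        logger.debug("Make sure the user exists in the pool, and ALLOW_ADMIN_USER_PASSWORD_AUTH is enabled.");
        return false;
    } catch (Exception e) {
        logger.error("Unexpected Error: ", e);
        return false;
    } finally {
        // Release the connection pool owned by the per-call client.
        awsCognitoIDPClient.shutdown();
    }
}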
Логи, если это поможет:
2020-02-25 17:14:54.919 TRACE 25144 --- [http-nio-8080-exec-98] o.s.t.i.TransactionInterceptor : Getting transaction for [METHOD_NAME]
2020-02-25 17:14:54.926 TRACE 25144 --- [http-nio-8080-exec-98] o.s.t.i.TransactionInterceptor : Completing transaction for [METHOD_NAME]
2020-02-25 17:14:54.935 TRACE 25144 --- [http-nio-8080-exec-98] o.s.t.i.TransactionInterceptor : Getting transaction for [METHOD_NAME]
2020-02-25 17:14:54.942 TRACE 25144 --- [http-nio-8080-exec-98] o.s.t.i.TransactionInterceptor : Completing transaction for [METHOD_NAME]
2020-02-25 17:14:54.950 DEBUG 25144 --- [http-nio-8080-exec-98] c.c.c.r.persistence.CognDaoImpl : There is a user migrated to Cognito with user_id: SOME_UUID
2020-02-25 17:14:54.950 INFO 25144 --- [http-nio-8080-exec-98] c.c.c.r.c.AuthenticationController : my_email@mailinator.com has been migrated. Using Cognito for authentication.
2020-02-25 17:14:56.655 TRACE 25144 --- [http-nio-8080-exec-160] o.s.t.i.TransactionInterceptor : Getting transaction for [METHOD_NAME]
2020-02-25 17:14:56.673 TRACE 25144 --- [http-nio-8080-exec-160] o.s.t.i.TransactionInterceptor : Completing transaction for [METHOD_NAME]
2020-02-25 17:14:56.683 TRACE 25144 --- [http-nio-8080-exec-160] o.s.t.i.TransactionInterceptor : Getting transaction for [METHOD_NAME]
2020-02-25 17:14:56.692 TRACE 25144 --- [http-nio-8080-exec-160] o.s.t.i.TransactionInterceptor : Completing transaction for [METHOD_NAME]
2020-02-25 17:14:56.705 DEBUG 25144 --- [http-nio-8080-exec-160] c.c.c.r.persistence.CogDaoImpl : There is a user migrated to Cognito with user_id: SOME_UUID
2020-02-25 17:14:56.705 INFO 25144 --- [http-nio-8080-exec-160] c.c.c.r.c.AuthenticationController : my_email@mailinator.com has been migrated. Using Cognito for authentication.
...