
Signing HTTP requests to AWS using WebClient
Krzysztof Kocel
November 29, 2024
Recently, I had to communicate with OpenSearch hosted on AWS from my reactive Spring Boot application.
It turned out that a Java client for OpenSearch exists but does not support reactive mode. The same goes for Spring Data for OpenSearch.
So, instead of relying on the above libraries, I used raw WebClient and manually signed HTTP requests.
After reading how to create a signed request, I realized that the request payload needs to be used in signing as well - not an easy task in a reactive world ;).
I could encode JSON as a string and sign the request with the payload known beforehand, but that would be a workaround. I found this article and adapted it for signing AWS requests.
Signing requests with the body is more complex in the Reactor world. It’s because the body is only available once it gets encoded.
Here is a high-level diagram showing the three main steps:
1. MessageSigningHttpConnector exposes the request to the server, so I store it in the ReactorContext.
2. BodyProvidingJsonEncoder encodes the request body, so I extract it from the DataBuffer and add it as part of the signature.
3. After generating the signature, I add it to the request headers.
Phew! That was a lot of work!
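The signature computation that needs the encoded body, as an added example (not the code from the post or its GitHub repository): AWS Signature Version 4 for a JSON POST using only the JDK (17+). The class name, credentials, host and index path are constructed placeholders; it assumes no query string, no session token, and a path that needs no URI encoding.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: SigV4 over host, x-amz-date and the SHA-256 of the body bytes.
public class SigV4BodySigning {

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    static String sha256Hex(byte[] data) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    /** Returns the Authorization header value; body must be the exact bytes sent on the wire. */
    static String authorization(String accessKey, String secretKey, String region, String service,
                                String host, String path, String amzDate, byte[] body) throws Exception {
        String date = amzDate.substring(0, 8);
        String signedHeaders = "host;x-amz-date";
        String canonicalRequest = String.join("\n",
                "POST", path, "",                              // method, URI, empty query string
                "host:" + host, "x-amz-date:" + amzDate, "",  // header block ends with a newline
                signedHeaders, sha256Hex(body));               // payload hash binds the body
        String scope = date + "/" + region + "/" + service + "/aws4_request";
        String stringToSign = String.join("\n", "AWS4-HMAC-SHA256", amzDate, scope,
                sha256Hex(canonicalRequest.getBytes(StandardCharsets.UTF_8)));
        // Derive the signing key: date -> region -> service -> "aws4_request".
        byte[] key = hmac(("AWS4" + secretKey).getBytes(StandardCharsets.UTF_8), date);
        for (String part : new String[] {region, service, "aws4_request"}) key = hmac(key, part);
        String signature = HexFormat.of().formatHex(hmac(key, stringToSign));
        return "AWS4-HMAC-SHA256 Credential=" + accessKey + "/" + scope
                + ", SignedHeaders=" + signedHeaders + ", Signature=" + signature;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the two bodies are the same JSON with different whitespace.
        String host = "search-example.us-east-1.es.amazonaws.com", date = "20241129T120000Z";
        for (String json : new String[] {"{\"query\":{\"match_all\":{}}}", "{\"query\": {\"match_all\": {}}}"}) {
            System.out.println(authorization("AKIDEXAMPLE", "constructed-secret", "us-east-1", "es",
                    host, "/my-index/_search", date, json.getBytes(StandardCharsets.UTF_8)));
        }
    }
}
```

The two printed signatures differ even though the JSON is semantically identical, which is why the signer has to see the encoder's actual output bytes rather than a separate serialization of the same object. The request must also carry the signed x-amz-date header with the same value.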
The proposed solution works for JSON requests only but can be extended to other protocols.
Just reuse BodyProvidingEncoder, and register your encoder in the ClientCodecConfigurer.
If this solution is helpful to you, the source code is on GitHub.