**引入全新的主机体验 AWS WAF**
现在,您可以使用更新的体验访问控制台中任意位置的 AWS WAF 功能。有关更多详细信息,请参阅[使用控制台](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html)。
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# AWS WAF 移动 SDK 的代码示例
此部分提供使用软件开发工具包的代码示例。
## 初始化令牌提供程序并获取令牌
您可以使用配置对象启动令牌提供程序实例。然后,您可以使用可用操作检索令牌。以下是所需代码的基本组件。
------
#### [ iOS ]
```
let url: URL = URL(string: "protection pack (web ACL) integration URL")!
let configuration = WAFConfiguration(applicationIntegrationUrl: url, domainName: "Domain name")
let tokenProvider = WAFTokenProvider(configuration)
//onTokenReady can be add as an observer for UIApplication.willEnterForegroundNotification
self.tokenProvider.onTokenReady() { token, error in
if let token = token {
//token available
}
if let error = error {
//error occurred after exhausting all retries
}
}
//getToken()
let token = tokenProvider.getToken()
```
------
#### [ Android ]
Java 示例:
```
String applicationIntegrationURL = "protection pack (web ACL) integration URL";
//Or
URL applicationIntegrationURL = new URL("protection pack (web ACL) integration URL");
String domainName = "Domain name";
WAFConfiguration configuration = WAFConfiguration.builder().applicationIntegrationURL(applicationIntegrationURL).domainName(domainName).build();
WAFTokenProvider tokenProvider = new WAFTokenProvider(Application context, configuration);
// implement a token result callback
WAFTokenResultCallback callback = (wafToken, error) -> {
if (wafToken != null) {
// token available
} else {
// error occurred in token refresh
}
};
// Add this callback to application creation or activity creation where token will be used
tokenProvider.onTokenReady(callback);
// Once you have token in token result callback
// if background refresh is enabled you can call getToken() from same tokenprovider object
// if background refresh is disabled you can directly call getToken()(blocking call) for new token
WAFToken token = tokenProvider.getToken();
```
Kotlin 示例:
```
import com.amazonaws.waf.mobilesdk.token.WAFConfiguration
import com.amazonaws.waf.mobilesdk.token.WAFTokenProvider
private lateinit var wafConfiguration: WAFConfiguration
private lateinit var wafTokenProvider: WAFTokenProvider
private val WAF_INTEGRATION_URL = "protection pack (web ACL) integration URL"
private val WAF_DOMAIN_NAME = "Domain name"
fun initWaf() {
// Initialize the tokenprovider instance
val applicationIntegrationURL = URL(WAF_INTEGRATION_URL)
wafConfiguration =
WAFConfiguration.builder().applicationIntegrationURL(applicationIntegrationURL)
.domainName(WAF_DOMAIN_NAME).backgroundRefreshEnabled(true).build()
wafTokenProvider = WAFTokenProvider(getApplication(), wafConfiguration)
// getToken from tokenprovider object
println("WAF: "+ wafTokenProvider.token.value)
// implement callback for where token will be used
wafTokenProvider.onTokenReady {
wafToken, sdkError ->
run {
println("WAF Token:" + wafToken.value)
}
}
}
```
------
## 允许软件开发工具包在您的 HTTP 请求中提供令牌 Cookie
如果 `setTokenCookie` 是 `TRUE`,令牌提供者会在您向 `tokenCookiePath` 中指定的路径下的所有位置发出的网络请求中为您包含令牌 Cookie。默认情况下,`setTokenCookie` 为 `TRUE`,`tokenCookiePath` 为 `/`。
您可以通过指定令牌 Cookie 路径来缩小包含令牌 Cookie 的请求的范围,例如 `/web/login`。如果您这样做,请检查您的 AWS WAF 规则是否未检查您发送到其他路径的请求中的令牌。使用 `AWSManagedRulesACFPRuleSet` 规则组时,您可以配置账户注册和创建路径,规则组会检查发送到这些路径的请求中的令牌。有关更多信息,请参阅 [将 ACFP 托管规则组添加到您的 web ACL](waf-acfp-rg-using.md)。同样,当您使用 `AWSManagedRulesATPRuleSet` 规则组时,您可以配置登录路径,规则组会检查发送到该路径的请求中的令牌。有关更多信息,请参阅 [将 ATP 托管规则组添加到您的保护包(web ACL)](waf-atp-rg-using.md)。
------
#### [ iOS ]
如果`setTokenCookie`是`TRUE`,则令牌提供者会将 AWS WAF 令牌存储在 a 中,`HTTPCookieStorage.shared`并自动将该 Cookie 包含在对您在中指定的域的请求中`WAFConfiguration`。
```
let request = URLRequest(url: URL(string: domainEndpointUrl)!)
//The token cookie is set automatically as cookie header
let task = URLSession.shared.dataTask(with: request) { data, urlResponse, error in
}.resume()
```
------
#### [ Android ]
如果`setTokenCookie`是`TRUE`,则令牌提供者将 AWS WAF 令牌存储在应用程序范围内共享的`CookieHandler`实例中。令牌提供程序会自动将 Cookie 包含在对您在 `WAFConfiguration` 中指定的域的请求中。
Java 示例:
```
URL url = new URL("Domain name");
//The token cookie is set automatically as cookie header
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.getResponseCode();
```
Kotlin 示例:
```
val url = URL("Domain name")
//The token cookie is set automatically as cookie header
val connection = (url.openConnection() as HttpsURLConnection)
connection.responseCode
```
如果您已经初始化了 `CookieHandler` 默认实例,则令牌提供程序将使用它来管理 Cookie。否则,令牌提供者将使用该令 AWS WAF 牌初始化一个新`CookieManager`实例,`CookiePolicy.ACCEPT_ORIGINAL_SERVER`然后将此新实例设置为中的默认实例`CookieHandler`。
以下代码显示了当 Cookie 管理器和 Cookie 处理程序在您的应用程序中不可用时,软件开发工具包如何对其进行初始化。
Java 示例:
```
CookieManager cookieManager = (CookieManager) CookieHandler.getDefault();
if (cookieManager == null) {
// Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER
cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);
}
```
Kotlin 示例:
```
var cookieManager = CookieHandler.getDefault() as? CookieManager
if (cookieManager == null) {
// Cookie manager is initialized with CookiePolicy.ACCEPT_ORIGINAL_SERVER
cookieManager = CookieManager()
CookieHandler.setDefault(cookieManager)
}
```
------
## 在您的 HTTP 请求中手动提供令牌 Cookie
如果您将 `setTokenCookie` 设置为 `FALSE`,则需要在向受保护端点发出的请求中手动提供令牌 Cookie,作为 Cookie HTTP 请求标头。以下代码演示了如何执行此操作。
------
#### [ iOS ]
```
var request = URLRequest(url: wafProtectedEndpoint)
request.setValue("aws-waf-token=token from token provider", forHTTPHeaderField: "Cookie")
request.httpShouldHandleCookies = true
URLSession.shared.dataTask(with: request) { data, response, error in }
```
------
#### [ Android ]
Java 示例:
```
URL url = new URL("Domain name");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
String wafTokenCookie = "aws-waf-token=token from token provider";
connection.setRequestProperty("Cookie", wafTokenCookie);
connection.getInputStream();
```
Kotlin 示例:
```
val url = URL("Domain name")
val connection = (url.openConnection() as HttpsURLConnection)
val wafTokenCookie = "aws-waf-token=token from token provider"
connection.setRequestProperty("Cookie", wafTokenCookie)
connection.inputStream
```
------