com.amazonaws.services.apigateway.model.Authorizer Maven / Gradle / Ivy
/*
* Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.apigateway.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when
* a client calls the method.
*
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class Authorizer implements Serializable, Cloneable, StructuredPojo {
/**
*
* The identifier for the authorizer resource.
*
*/
private String id;
/**
*
* The name of the authorizer.
*
*/
private String name;
/**
*
* The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token
* submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and
* COGNITO_USER_POOLS for using an Amazon Cognito user pool.
*
*/
private String type;
/**
*
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is
* of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a
* TOKEN or REQUEST authorizer, this is not defined.
*
*/
private java.util.List providerARNs;
/**
*
* Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
*
*/
private String authType;
/**
*
* Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST
* authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where
* {region} is the same as the region hosting the Lambda function, path indicates that the
* remaining substring in the URI should be treated as the path to the resource, including the initial
* /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
*
*/
private String authorizerUri;
/**
*
* Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM
* role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on
* the Lambda function, specify null.
*
*/
private String authorizerCredentials;
/**
*
* The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression
* for the custom header holding the authorization token submitted by the client. For example, if the token header
* name is Auth, the header mapping expression is method.request.header.Auth. For the
* REQUEST authorizer, this is required when authorization caching is enabled. The value is a
* comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an
* Auth header, a Name query string parameter are defined as identity sources, this value
* is method.request.header.Auth, method.request.querystring.Name. These parameters will
* be used to derive the authorization caching key and to perform runtime validation of the REQUEST
* authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only
* when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401
* Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping
* expressions of the specified request parameters. When the authorization caching is not enabled, this property is
* optional.
*
*/
private String identitySource;
/**
*
* A validation expression for the incoming identity token. For TOKEN authorizers, this value is a
* regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud
* field of the incoming token from the client against the specified regular expression. It will invoke the
* authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without
* calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.
*
*/
private String identityValidationExpression;
/**
*
* The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is
* greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300.
* The maximum value is 3600, or 1 hour.
*
*/
private Integer authorizerResultTtlInSeconds;
/**
*
* The identifier for the authorizer resource.
*
*
* @param id
* The identifier for the authorizer resource.
*/
public void setId(String id) {
this.id = id;
}
/**
*
* The identifier for the authorizer resource.
*
*
* @return The identifier for the authorizer resource.
*/
public String getId() {
return this.id;
}
/**
*
* The identifier for the authorizer resource.
*
*
* @param id
* The identifier for the authorizer resource.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withId(String id) {
setId(id);
return this;
}
/**
*
* The name of the authorizer.
*
*
* @param name
* The name of the authorizer.
*/
public void setName(String name) {
this.name = name;
}
/**
*
* The name of the authorizer.
*
*
* @return The name of the authorizer.
*/
public String getName() {
return this.name;
}
/**
*
* The name of the authorizer.
*
*
* @param name
* The name of the authorizer.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withName(String name) {
setName(name);
return this;
}
/**
*
* The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token
* submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and
* COGNITO_USER_POOLS for using an Amazon Cognito user pool.
*
*
* @param type
* The authorizer type. Valid values are TOKEN for a Lambda function using a single
* authorization token submitted in a custom header, REQUEST for a Lambda function using
* incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.
* @see AuthorizerType
*/
public void setType(String type) {
this.type = type;
}
/**
*
* The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token
* submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and
* COGNITO_USER_POOLS for using an Amazon Cognito user pool.
*
*
* @return The authorizer type. Valid values are TOKEN for a Lambda function using a single
* authorization token submitted in a custom header, REQUEST for a Lambda function using
* incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.
* @see AuthorizerType
*/
public String getType() {
return this.type;
}
/**
*
* The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token
* submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and
* COGNITO_USER_POOLS for using an Amazon Cognito user pool.
*
*
* @param type
* The authorizer type. Valid values are TOKEN for a Lambda function using a single
* authorization token submitted in a custom header, REQUEST for a Lambda function using
* incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.
* @return Returns a reference to this object so that method calls can be chained together.
* @see AuthorizerType
*/
public Authorizer withType(String type) {
setType(type);
return this;
}
/**
*
* The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token
* submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and
* COGNITO_USER_POOLS for using an Amazon Cognito user pool.
*
*
* @param type
* The authorizer type. Valid values are TOKEN for a Lambda function using a single
* authorization token submitted in a custom header, REQUEST for a Lambda function using
* incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.
* @see AuthorizerType
*/
public void setType(AuthorizerType type) {
withType(type);
}
/**
*
* The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token
* submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and
* COGNITO_USER_POOLS for using an Amazon Cognito user pool.
*
*
* @param type
* The authorizer type. Valid values are TOKEN for a Lambda function using a single
* authorization token submitted in a custom header, REQUEST for a Lambda function using
* incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.
* @return Returns a reference to this object so that method calls can be chained together.
* @see AuthorizerType
*/
public Authorizer withType(AuthorizerType type) {
this.type = type.toString();
return this;
}
/**
*
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is
* of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a
* TOKEN or REQUEST authorizer, this is not defined.
*
*
* @return A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each
* element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}
* . For a TOKEN or REQUEST authorizer, this is not defined.
*/
public java.util.List getProviderARNs() {
return providerARNs;
}
/**
*
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is
* of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a
* TOKEN or REQUEST authorizer, this is not defined.
*
*
* @param providerARNs
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each
* element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.
* For a TOKEN or REQUEST authorizer, this is not defined.
*/
public void setProviderARNs(java.util.Collection providerARNs) {
if (providerARNs == null) {
this.providerARNs = null;
return;
}
this.providerARNs = new java.util.ArrayList(providerARNs);
}
/**
*
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is
* of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a
* TOKEN or REQUEST authorizer, this is not defined.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setProviderARNs(java.util.Collection)} or {@link #withProviderARNs(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param providerARNs
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each
* element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.
* For a TOKEN or REQUEST authorizer, this is not defined.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withProviderARNs(String... providerARNs) {
if (this.providerARNs == null) {
setProviderARNs(new java.util.ArrayList(providerARNs.length));
}
for (String ele : providerARNs) {
this.providerARNs.add(ele);
}
return this;
}
/**
*
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is
* of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a
* TOKEN or REQUEST authorizer, this is not defined.
*
*
* @param providerARNs
* A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each
* element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.
* For a TOKEN or REQUEST authorizer, this is not defined.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withProviderARNs(java.util.Collection providerARNs) {
setProviderARNs(providerARNs);
return this;
}
/**
*
* Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
*
*
* @param authType
* Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
*/
public void setAuthType(String authType) {
this.authType = authType;
}
/**
*
* Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
*
*
* @return Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
*/
public String getAuthType() {
return this.authType;
}
/**
*
* Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
*
*
* @param authType
* Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withAuthType(String authType) {
setAuthType(authType);
return this;
}
/**
*
* Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST
* authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where
* {region} is the same as the region hosting the Lambda function, path indicates that the
* remaining substring in the URI should be treated as the path to the resource, including the initial
* /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
*
*
* @param authorizerUri
* Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or
* REQUEST authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api},
* where {region} is the same as the region hosting the Lambda function, path
* indicates that the remaining substring in the URI should be treated as the path to the resource, including
* the initial /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
*/
public void setAuthorizerUri(String authorizerUri) {
this.authorizerUri = authorizerUri;
}
/**
*
* Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST
* authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where
* {region} is the same as the region hosting the Lambda function, path indicates that the
* remaining substring in the URI should be treated as the path to the resource, including the initial
* /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
*
*
* @return Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or
* REQUEST authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api},
* where {region} is the same as the region hosting the Lambda function, path
* indicates that the remaining substring in the URI should be treated as the path to the resource,
* including the initial /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
*/
public String getAuthorizerUri() {
return this.authorizerUri;
}
/**
*
* Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST
* authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where
* {region} is the same as the region hosting the Lambda function, path indicates that the
* remaining substring in the URI should be treated as the path to the resource, including the initial
* /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
*
*
* @param authorizerUri
* Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or
* REQUEST authorizers, this must be a well-formed Lambda function URI, for example,
* arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
* . In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api},
* where {region} is the same as the region hosting the Lambda function, path
* indicates that the remaining substring in the URI should be treated as the path to the resource, including
* the initial /. For Lambda functions, this is usually of the form
* /2015-03-31/functions/[FunctionARN]/invocations.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withAuthorizerUri(String authorizerUri) {
setAuthorizerUri(authorizerUri);
return this;
}
/**
*
* Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM
* role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on
* the Lambda function, specify null.
*
*
* @param authorizerCredentials
* Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an
* IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based
* permissions on the Lambda function, specify null.
*/
public void setAuthorizerCredentials(String authorizerCredentials) {
this.authorizerCredentials = authorizerCredentials;
}
/**
*
* Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM
* role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on
* the Lambda function, specify null.
*
*
* @return Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an
* IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based
* permissions on the Lambda function, specify null.
*/
public String getAuthorizerCredentials() {
return this.authorizerCredentials;
}
/**
*
* Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM
* role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on
* the Lambda function, specify null.
*
*
* @param authorizerCredentials
* Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an
* IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based
* permissions on the Lambda function, specify null.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withAuthorizerCredentials(String authorizerCredentials) {
setAuthorizerCredentials(authorizerCredentials);
return this;
}
/**
*
* The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression
* for the custom header holding the authorization token submitted by the client. For example, if the token header
* name is Auth, the header mapping expression is method.request.header.Auth. For the
* REQUEST authorizer, this is required when authorization caching is enabled. The value is a
* comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an
* Auth header, a Name query string parameter are defined as identity sources, this value
* is method.request.header.Auth, method.request.querystring.Name. These parameters will
* be used to derive the authorization caching key and to perform runtime validation of the REQUEST
* authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only
* when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401
* Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping
* expressions of the specified request parameters. When the authorization caching is not enabled, this property is
* optional.
*
*
* @param identitySource
* The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping
* expression for the custom header holding the authorization token submitted by the client. For example, if
* the token header name is Auth, the header mapping expression is
* method.request.header.Auth. For the REQUEST authorizer, this is required when
* authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions
* of the specified request parameters. For example, if an Auth header, a Name
* query string parameter are defined as identity sources, this value is
* method.request.header.Auth, method.request.querystring.Name. These parameters
* will be used to derive the authorization caching key and to perform runtime validation of the
* REQUEST authorizer by verifying all of the identity-related request parameters are present,
* not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function,
* otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is
* a string of comma-separated mapping expressions of the specified request parameters. When the
* authorization caching is not enabled, this property is optional.
*/
public void setIdentitySource(String identitySource) {
this.identitySource = identitySource;
}
/**
*
* The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression
* for the custom header holding the authorization token submitted by the client. For example, if the token header
* name is Auth, the header mapping expression is method.request.header.Auth. For the
* REQUEST authorizer, this is required when authorization caching is enabled. The value is a
* comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an
* Auth header, a Name query string parameter are defined as identity sources, this value
* is method.request.header.Auth, method.request.querystring.Name. These parameters will
* be used to derive the authorization caching key and to perform runtime validation of the REQUEST
* authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only
* when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401
* Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping
* expressions of the specified request parameters. When the authorization caching is not enabled, this property is
* optional.
*
*
* @return The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping
* expression for the custom header holding the authorization token submitted by the client. For example, if
* the token header name is Auth, the header mapping expression is
* method.request.header.Auth. For the REQUEST authorizer, this is required when
* authorization caching is enabled. The value is a comma-separated string of one or more mapping
* expressions of the specified request parameters. For example, if an Auth header, a
* Name query string parameter are defined as identity sources, this value is
* method.request.header.Auth, method.request.querystring.Name. These parameters
* will be used to derive the authorization caching key and to perform runtime validation of the
* REQUEST authorizer by verifying all of the identity-related request parameters are present,
* not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function,
* otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is
* a string of comma-separated mapping expressions of the specified request parameters. When the
* authorization caching is not enabled, this property is optional.
*/
public String getIdentitySource() {
return this.identitySource;
}
/**
*
* The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression
* for the custom header holding the authorization token submitted by the client. For example, if the token header
* name is Auth, the header mapping expression is method.request.header.Auth. For the
* REQUEST authorizer, this is required when authorization caching is enabled. The value is a
* comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an
* Auth header, a Name query string parameter are defined as identity sources, this value
* is method.request.header.Auth, method.request.querystring.Name. These parameters will
* be used to derive the authorization caching key and to perform runtime validation of the REQUEST
* authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only
* when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401
* Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping
* expressions of the specified request parameters. When the authorization caching is not enabled, this property is
* optional.
*
*
* @param identitySource
* The identity source for which authorization is requested. For a TOKEN or
* COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping
* expression for the custom header holding the authorization token submitted by the client. For example, if
* the token header name is Auth, the header mapping expression is
* method.request.header.Auth. For the REQUEST authorizer, this is required when
* authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions
* of the specified request parameters. For example, if an Auth header, a Name
* query string parameter are defined as identity sources, this value is
* method.request.header.Auth, method.request.querystring.Name. These parameters
* will be used to derive the authorization caching key and to perform runtime validation of the
* REQUEST authorizer by verifying all of the identity-related request parameters are present,
* not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function,
* otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is
* a string of comma-separated mapping expressions of the specified request parameters. When the
* authorization caching is not enabled, this property is optional.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withIdentitySource(String identitySource) {
setIdentitySource(identitySource);
return this;
}
/**
*
* A validation expression for the incoming identity token. For TOKEN authorizers, this value is a
* regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud
* field of the incoming token from the client against the specified regular expression. It will invoke the
* authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without
* calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.
*
*
* @param identityValidationExpression
* A validation expression for the incoming identity token. For TOKEN authorizers, this value is
* a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the
* aud field of the incoming token from the client against the specified regular expression. It
* will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401
* Unauthorized response without calling the Lambda function. The validation expression does not apply to the
* REQUEST authorizer.
*/
public void setIdentityValidationExpression(String identityValidationExpression) {
this.identityValidationExpression = identityValidationExpression;
}
/**
*
* A validation expression for the incoming identity token. For TOKEN authorizers, this value is a
* regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud
* field of the incoming token from the client against the specified regular expression. It will invoke the
* authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without
* calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.
*
*
* @return A validation expression for the incoming identity token. For TOKEN authorizers, this value
* is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the
* aud field of the incoming token from the client against the specified regular expression. It
* will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401
* Unauthorized response without calling the Lambda function. The validation expression does not apply to
* the REQUEST authorizer.
*/
public String getIdentityValidationExpression() {
return this.identityValidationExpression;
}
/**
*
* A validation expression for the incoming identity token. For TOKEN authorizers, this value is a
* regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud
* field of the incoming token from the client against the specified regular expression. It will invoke the
* authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without
* calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.
*
*
* @param identityValidationExpression
* A validation expression for the incoming identity token. For TOKEN authorizers, this value is
* a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the
* aud field of the incoming token from the client against the specified regular expression. It
* will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401
* Unauthorized response without calling the Lambda function. The validation expression does not apply to the
* REQUEST authorizer.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withIdentityValidationExpression(String identityValidationExpression) {
setIdentityValidationExpression(identityValidationExpression);
return this;
}
/**
*
* The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is
* greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300.
* The maximum value is 3600, or 1 hour.
*
*
* @param authorizerResultTtlInSeconds
* The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it
* is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default
* value is 300. The maximum value is 3600, or 1 hour.
*/
public void setAuthorizerResultTtlInSeconds(Integer authorizerResultTtlInSeconds) {
this.authorizerResultTtlInSeconds = authorizerResultTtlInSeconds;
}
/**
*
* The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is
* greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300.
* The maximum value is 3600, or 1 hour.
*
*
* @return The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it
* is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default
* value is 300. The maximum value is 3600, or 1 hour.
*/
public Integer getAuthorizerResultTtlInSeconds() {
return this.authorizerResultTtlInSeconds;
}
/**
*
* The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is
* greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300.
* The maximum value is 3600, or 1 hour.
*
*
* @param authorizerResultTtlInSeconds
* The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it
* is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default
* value is 300. The maximum value is 3600, or 1 hour.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public Authorizer withAuthorizerResultTtlInSeconds(Integer authorizerResultTtlInSeconds) {
setAuthorizerResultTtlInSeconds(authorizerResultTtlInSeconds);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getId() != null)
sb.append("Id: ").append(getId()).append(",");
if (getName() != null)
sb.append("Name: ").append(getName()).append(",");
if (getType() != null)
sb.append("Type: ").append(getType()).append(",");
if (getProviderARNs() != null)
sb.append("ProviderARNs: ").append(getProviderARNs()).append(",");
if (getAuthType() != null)
sb.append("AuthType: ").append(getAuthType()).append(",");
if (getAuthorizerUri() != null)
sb.append("AuthorizerUri: ").append(getAuthorizerUri()).append(",");
if (getAuthorizerCredentials() != null)
sb.append("AuthorizerCredentials: ").append(getAuthorizerCredentials()).append(",");
if (getIdentitySource() != null)
sb.append("IdentitySource: ").append(getIdentitySource()).append(",");
if (getIdentityValidationExpression() != null)
sb.append("IdentityValidationExpression: ").append(getIdentityValidationExpression()).append(",");
if (getAuthorizerResultTtlInSeconds() != null)
sb.append("AuthorizerResultTtlInSeconds: ").append(getAuthorizerResultTtlInSeconds());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof Authorizer == false)
return false;
Authorizer other = (Authorizer) obj;
if (other.getId() == null ^ this.getId() == null)
return false;
if (other.getId() != null && other.getId().equals(this.getId()) == false)
return false;
if (other.getName() == null ^ this.getName() == null)
return false;
if (other.getName() != null && other.getName().equals(this.getName()) == false)
return false;
if (other.getType() == null ^ this.getType() == null)
return false;
if (other.getType() != null && other.getType().equals(this.getType()) == false)
return false;
if (other.getProviderARNs() == null ^ this.getProviderARNs() == null)
return false;
if (other.getProviderARNs() != null && other.getProviderARNs().equals(this.getProviderARNs()) == false)
return false;
if (other.getAuthType() == null ^ this.getAuthType() == null)
return false;
if (other.getAuthType() != null && other.getAuthType().equals(this.getAuthType()) == false)
return false;
if (other.getAuthorizerUri() == null ^ this.getAuthorizerUri() == null)
return false;
if (other.getAuthorizerUri() != null && other.getAuthorizerUri().equals(this.getAuthorizerUri()) == false)
return false;
if (other.getAuthorizerCredentials() == null ^ this.getAuthorizerCredentials() == null)
return false;
if (other.getAuthorizerCredentials() != null && other.getAuthorizerCredentials().equals(this.getAuthorizerCredentials()) == false)
return false;
if (other.getIdentitySource() == null ^ this.getIdentitySource() == null)
return false;
if (other.getIdentitySource() != null && other.getIdentitySource().equals(this.getIdentitySource()) == false)
return false;
if (other.getIdentityValidationExpression() == null ^ this.getIdentityValidationExpression() == null)
return false;
if (other.getIdentityValidationExpression() != null && other.getIdentityValidationExpression().equals(this.getIdentityValidationExpression()) == false)
return false;
if (other.getAuthorizerResultTtlInSeconds() == null ^ this.getAuthorizerResultTtlInSeconds() == null)
return false;
if (other.getAuthorizerResultTtlInSeconds() != null && other.getAuthorizerResultTtlInSeconds().equals(this.getAuthorizerResultTtlInSeconds()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getId() == null) ? 0 : getId().hashCode());
hashCode = prime * hashCode + ((getName() == null) ? 0 : getName().hashCode());
hashCode = prime * hashCode + ((getType() == null) ? 0 : getType().hashCode());
hashCode = prime * hashCode + ((getProviderARNs() == null) ? 0 : getProviderARNs().hashCode());
hashCode = prime * hashCode + ((getAuthType() == null) ? 0 : getAuthType().hashCode());
hashCode = prime * hashCode + ((getAuthorizerUri() == null) ? 0 : getAuthorizerUri().hashCode());
hashCode = prime * hashCode + ((getAuthorizerCredentials() == null) ? 0 : getAuthorizerCredentials().hashCode());
hashCode = prime * hashCode + ((getIdentitySource() == null) ? 0 : getIdentitySource().hashCode());
hashCode = prime * hashCode + ((getIdentityValidationExpression() == null) ? 0 : getIdentityValidationExpression().hashCode());
hashCode = prime * hashCode + ((getAuthorizerResultTtlInSeconds() == null) ? 0 : getAuthorizerResultTtlInSeconds().hashCode());
return hashCode;
}
@Override
public Authorizer clone() {
try {
return (Authorizer) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.apigateway.model.transform.AuthorizerMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}