Interface HttpSigner<IdentityT extends Identity>

Type Parameters:

IdentityT - The type of the identity.

All Known Subinterfaces:

AwsV4aHttpSigner, AwsV4FamilyHttpSigner<T>, AwsV4HttpSigner, BearerHttpSigner

All Known Implementing Classes:

DefaultAwsCrtV4aHttpSigner, DefaultAwsV4HttpSigner, DefaultBearerHttpSigner, DefaultS3ExpressHttpSigner, DpopSigner, NoOpHttpSigner

@SdkPublicApi
public interface HttpSigner<IdentityT extends Identity>

Interface for the process of modifying a request destined for a service so that the service can authenticate the SDK customer’s identity.

You can configure the signer by first implementing a custom AuthScheme returning this signer and then configuring the AuthSchemes on the client builder via SdkClientBuilder#putAuthScheme(AuthScheme).

Example - Custom signer implementation:

S3AsyncClient s3 = S3AsyncClient.builder()
                                .region(Region.US_WEST_2)
                                .credentialsProvider(CREDENTIALS)
                                .putAuthScheme(new CustomSigV4AuthScheme())
                                .build();

public class CustomSigV4AuthScheme implements AwsV4AuthScheme {
    @Override
    public String schemeId() {
        return AwsV4AuthScheme.SCHEME_ID;
    }

    @Override
    public IdentityProvider<AwsCredentialsIdentity> identityProvider(IdentityProviders providers) {
        return providers.identityProvider(AwsCredentialsIdentity.class);
    }

    @Override
    public AwsV4HttpSigner signer() {
        return new CustomSigV4Signer();
    }

    private class CustomSigV4Signer implements AwsV4HttpSigner {
        @Override
        public SignedRequest sign(SignRequest<? extends AwsCredentialsIdentity> request) {
            // Custom implementation
        }

        @Override
        public CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends AwsCredentialsIdentity> request) {
            // Custom implementation
        }
    }
}

When to Use Each Approach

• Use custom AuthSchemeProvider when you only need to override signing properties (service name, region, etc.). See AuthSchemeProvider for examples.
• Use custom HttpSigner when you need to change the signing algorithm or logic itself.

Field Summary

Fields

Modifier and Type	Field	Description
static final SignerProperty<Clock>	SIGNING_CLOCK	A Clock to be used to derive the signing time.

Method Summary

Modifier and Type	Method	Description
default <T extends Identity> HttpSigner<T>	doNotSign()	Retrieve a signer that returns the input message, without signing.
default SignedRequest	sign(Consumer<SignRequest.Builder<IdentityT>> consumer)	Method that takes in inputs to sign a request with sync payload and returns a signed version of the request.
SignedRequest	sign(SignRequest<? extends IdentityT> request)	Method that takes in inputs to sign a request with sync payload and returns a signed version of the request.
default CompletableFuture<AsyncSignedRequest>	signAsync(Consumer<AsyncSignRequest.Builder<IdentityT>> consumer)	Method that takes in inputs to sign a request with async payload and returns a future containing the signed version of the request.
CompletableFuture<AsyncSignedRequest>	signAsync(AsyncSignRequest<? extends IdentityT> request)	Method that takes in inputs to sign a request with async payload and returns a future containing the signed version of the request.

Field Details

SIGNING_CLOCK

static final SignerProperty<Clock> SIGNING_CLOCK

A Clock to be used to derive the signing time. This property defaults to the system clock.

Note, signing time may not be relevant to some signers.

Method Details

doNotSign

default <T extends Identity> HttpSigner<T> doNotSign()

Retrieve a signer that returns the input message, without signing.

sign

SignedRequest sign(SignRequest<? extends IdentityT> request)

Method that takes in inputs to sign a request with sync payload and returns a signed version of the request.

Parameters:

request - The inputs to sign a request.

Returns:

A signed version of the request.

sign

default SignedRequest sign(Consumer<SignRequest.Builder<IdentityT>> consumer)

Method that takes in inputs to sign a request with sync payload and returns a signed version of the request.

Similar to sign(SignRequest), but takes a lambda to configure a new SignRequest.Builder. This removes the need to call

invalid reference

SignRequest#builder(IdentityT)

} and SdkBuilder.build().

Parameters:

consumer - A Consumer to which an empty SignRequest.Builder will be given.

Returns:

A signed version of the request.

signAsync

CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends IdentityT> request)

Method that takes in inputs to sign a request with async payload and returns a future containing the signed version of the request.

Parameters:

request - The inputs to sign a request.

Returns:

A future containing the signed version of the request.

signAsync

default CompletableFuture<AsyncSignedRequest> signAsync(Consumer<AsyncSignRequest.Builder<IdentityT>> consumer)

Method that takes in inputs to sign a request with async payload and returns a future containing the signed version of the request.

Similar to signAsync(AsyncSignRequest), but takes a lambda to configure a new AsyncSignRequest.Builder. This removes the need to call

invalid reference

AsyncSignRequest#builder(IdentityT)

} and SdkBuilder.build().

Parameters:

consumer - A Consumer to which an empty BaseSignRequest.Builder will be given.

Returns:

A future containing the signed version of the request.