List of usage examples for com.amazonaws.services.cloudfront.model TrustedSigners setEnabled
public void setEnabled(Boolean enabled)
Specifies whether you want to require viewers to use signed URLs to access the files specified by PathPattern and TargetOriginId.
From source file:org.duracloud.s3task.streaming.EnableStreamingTaskRunner.java
License:Apache License
/**
 * Enables CloudFront streaming for the bucket behind a space, either as an
 * OPEN distribution or as a SECURE one that requires signed URLs.
 *
 * <p>If a streaming distribution already exists for the bucket it is reused
 * (and re-enabled if it was disabled); otherwise a new one is created. The
 * bucket policy is then set for the origin access identity and the space
 * properties are updated with the streaming host and streaming type.
 *
 * <p>NOTE(review): {@code spaceId} comes from the deserialized task parameters
 * and is concatenated into log lines and the distribution comment; confirm it
 * is validated upstream.
 *
 * @param taskParameters serialized {@code EnableStreamingTaskParameters}
 * @return the serialized {@code EnableStreamingTaskResult}
 * @throws UnsupportedTaskException if an existing distribution was created with
 *         the other security type (SECURE vs OPEN); it must be deleted first
 */
public String performTask(String taskParameters) {
    EnableStreamingTaskParameters params = EnableStreamingTaskParameters.deserialize(taskParameters);
    String spaceId = params.getSpaceId();
    boolean secure = params.isSecure();

    log.info("Performing " + TASK_NAME + " task on space " + spaceId + ". Secure streaming set to " + secure);

    // Will throw if bucket does not exist
    String bucketName = unwrappedS3Provider.getBucketName(spaceId);
    String oaIdentityId = getOriginAccessId();
    EnableStreamingTaskResult taskResult = new EnableStreamingTaskResult();

    String streamingHost;
    StreamingDistributionSummary current = getExistingDistribution(bucketName);
    if (current == null) {
        // No distribution yet: create one whose origin is the bucket, reached
        // through the origin access identity.
        S3Origin bucketOrigin =
            new S3Origin(bucketName + S3_ORIGIN_SUFFIX, S3_ORIGIN_OAI_PREFIX + oaIdentityId);

        // Trusted signers are what make CloudFront require signed URLs, so they
        // are enabled (with this account as the only signer) on secure
        // distributions only. An open distribution carries none.
        TrustedSigners signers = new TrustedSigners();
        signers.setEnabled(secure);
        signers.setQuantity(secure ? 1 : 0);
        if (secure) {
            signers.setItems(Collections.singletonList(cfAccountId));
        }

        // NOTE(review): the caller reference is the current time in
        // milliseconds, so two requests in the same millisecond would share it.
        StreamingDistributionConfig config = new StreamingDistributionConfig()
            .withCallerReference("" + System.currentTimeMillis())
            .withS3Origin(bucketOrigin)
            .withEnabled(true)
            .withComment("Streaming space: " + spaceId)
            .withTrustedSigners(signers);
        StreamingDistribution created = cfClient
            .createStreamingDistribution(new CreateStreamingDistributionRequest(config))
            .getStreamingDistribution();
        streamingHost = created.getDomainName();
    } else {
        // The security type of an existing distribution is read from its
        // trusted-signer list: any signer present means it is SECURE.
        boolean existingSecure = !current.getTrustedSigners().getItems().isEmpty();
        if (secure != existingSecure) {
            // Refuse to flip an existing distribution between OPEN and SECURE.
            String currentType = secure ? "OPEN" : "SECURE";
            String requestedType = secure ? "SECURE" : "OPEN";
            throw new UnsupportedTaskException(TASK_NAME,
                "The space " + spaceId + " is already configured to stream as " + currentType
                    + " and cannot be updated to stream as " + requestedType
                    + ". To do this, you must first execute the "
                    + StorageTaskConstants.DELETE_STREAMING_TASK_NAME + " task.");
        }

        String distributionId = current.getId();
        if (!current.isEnabled()) {
            // Distribution is disabled, enable it
            setDistributionState(distributionId, true);
        }
        streamingHost = current.getDomainName();
    }

    // Set bucket policy to accept origin access identity
    setBucketAccessPolicy(bucketName, oaIdentityId);

    // Update bucket tags to include streaming host and streaming type
    Map<String, String> spaceProps = s3Provider.getSpaceProperties(spaceId);
    spaceProps.put(STREAMING_HOST_PROP, streamingHost);
    spaceProps.put(STREAMING_TYPE_PROP,
        (secure ? STREAMING_TYPE.SECURE : STREAMING_TYPE.OPEN).name());
    unwrappedS3Provider.setNewSpaceProperties(spaceId, spaceProps);

    // Return results
    taskResult.setResult("Enable Streaming Task completed successfully");
    taskResult.setStreamingHost(streamingHost);
    String serialized = taskResult.serialize();
    log.info("Result of " + TASK_NAME + " task: " + serialized);
    return serialized;
}
From source file:org.duracloud.s3task.streaminghls.EnableHlsTaskRunner.java
License:Apache License
/**
 * Enables HLS streaming through a CloudFront web distribution for the bucket
 * behind a space, either OPEN or SECURE.
 *
 * <p>An existing distribution is reused (and re-enabled if disabled). Otherwise
 * a new one is created with the bucket as its default origin; secure
 * distributions additionally get a custom origin and a {@code /cookies} cache
 * behavior. Afterwards the bucket policy and CORS policy are set and the space
 * properties are updated with the streaming host and type.
 *
 * <p>NOTE(review): {@code spaceId} and {@code allowedOrigins} come from the
 * deserialized task parameters; confirm they are validated upstream, since
 * they reach log lines, the distribution comment and the bucket CORS policy.
 *
 * @param taskParameters serialized {@code EnableStreamingTaskParameters}
 * @return the serialized {@code EnableStreamingTaskResult}
 * @throws UnsupportedTaskException if an existing distribution was created with
 *         the other security type (SECURE vs OPEN); it must be deleted first
 */
public String performTask(String taskParameters) {
    EnableStreamingTaskParameters params = EnableStreamingTaskParameters.deserialize(taskParameters);
    String spaceId = params.getSpaceId();
    boolean secure = params.isSecure();
    List<String> allowedOrigins = params.getAllowedOrigins();

    log.info("Performing " + TASK_NAME + " task on space " + spaceId + ". Secure streaming set to " + secure);

    // Will throw if bucket does not exist
    String bucketName = unwrappedS3Provider.getBucketName(spaceId);
    String oaIdentityId = getOriginAccessId();
    EnableStreamingTaskResult taskResult = new EnableStreamingTaskResult();

    String streamingHost;
    DistributionSummary current = getExistingDistribution(bucketName);
    if (current == null) {
        // No existing distribution, need to create one.

        // S3 origin, reached through the origin access identity.
        S3OriginConfig bucketOriginConfig = new S3OriginConfig()
            .withOriginAccessIdentity(S3_ORIGIN_OAI_PREFIX + oaIdentityId);
        Origin s3Origin = new Origin()
            .withDomainName(bucketName + S3_ORIGIN_SUFFIX)
            .withS3OriginConfig(bucketOriginConfig)
            .withId("S3-" + bucketName);

        // Trusted signers are enabled (with this account as the only signer)
        // on secure distributions only; an open distribution carries none.
        TrustedSigners signers = new TrustedSigners();
        signers.setEnabled(secure);
        signers.setQuantity(secure ? 1 : 0);
        if (secure) {
            signers.setItems(Collections.singletonList(cfAccountId));
        }

        // Forwarding headers to support CORS, see:
        // https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-cors
        AllowedMethods contentMethods = new AllowedMethods()
            .withItems(Method.GET, Method.HEAD, Method.OPTIONS)
            .withQuantity(3);
        Headers corsHeaders = new Headers()
            .withItems("Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method")
            .withQuantity(3);
        // Content requests forward no query string and no cookies to the bucket.
        ForwardedValues contentForwarding = new ForwardedValues()
            .withQueryString(false)
            .withCookies(new CookiePreference().withForward(ItemSelection.None))
            .withHeaders(corsHeaders);

        DefaultCacheBehavior defaultCacheBehavior = new DefaultCacheBehavior();
        defaultCacheBehavior.setTrustedSigners(signers);
        // Viewers arriving over HTTP are redirected to HTTPS.
        defaultCacheBehavior.setViewerProtocolPolicy(ViewerProtocolPolicy.RedirectToHttps);
        defaultCacheBehavior.setAllowedMethods(contentMethods);
        defaultCacheBehavior.setForwardedValues(contentForwarding);
        // Setting other cache behaviors required by the client
        defaultCacheBehavior.setMinTTL(0L);
        defaultCacheBehavior.setTargetOriginId(s3Origin.getId());

        // Create origins list
        Origins origins;
        CacheBehaviors cacheBehaviors = new CacheBehaviors();
        if (secure) {
            // Create Origin to allow signed cookies to be set through a
            // CloudFront call; CloudFront talks to it over HTTPS only.
            String getCookiesPath = "/durastore/aux";
            String cookiesOriginId = "Custom origin - " + dcHost + getCookiesPath;
            CustomOriginConfig cookiesOriginConfig = new CustomOriginConfig()
                .withOriginProtocolPolicy(OriginProtocolPolicy.HttpsOnly)
                .withHTTPPort(80)
                .withHTTPSPort(443);
            Origin cookiesOrigin = new Origin()
                .withDomainName(dcHost)
                .withOriginPath(getCookiesPath)
                .withId(cookiesOriginId)
                .withCustomOriginConfig(cookiesOriginConfig);
            origins = new Origins().withItems(s3Origin, cookiesOrigin).withQuantity(2);

            // Create behavior for cookies origin. Trusted signers are disabled
            // on this path and all cookies plus the query string are forwarded.
            // NOTE(review): CloudFront therefore does no signature check on
            // /cookies; whatever authorizes issuing signed cookies has to be
            // enforced by the origin -- confirm.
            ForwardedValues cookiesForwarding = new ForwardedValues()
                .withQueryString(true)
                .withCookies(new CookiePreference().withForward(ItemSelection.All));
            AllowedMethods cookiesMethods = new AllowedMethods()
                .withItems(Method.GET, Method.HEAD)
                .withQuantity(2);
            TrustedSigners noSigners = new TrustedSigners().withEnabled(false).withQuantity(0);
            CacheBehavior cookiesCacheBehavior = new CacheBehavior()
                .withPathPattern("/cookies")
                .withTargetOriginId(cookiesOriginId)
                .withViewerProtocolPolicy(ViewerProtocolPolicy.RedirectToHttps)
                .withAllowedMethods(cookiesMethods)
                .withForwardedValues(cookiesForwarding)
                .withTrustedSigners(noSigners)
                .withMinTTL(0L);
            cacheBehaviors = cacheBehaviors.withItems(cookiesCacheBehavior).withQuantity(1);
        } else {
            origins = new Origins().withItems(s3Origin).withQuantity(1);
        }

        // Build distribution
        // NOTE(review): the caller reference is the current time in
        // milliseconds, so two requests in the same millisecond would share it.
        DistributionConfig distributionConfig = new DistributionConfig()
            .withCallerReference("" + System.currentTimeMillis())
            .withOrigins(origins)
            .withEnabled(true)
            .withComment("HLS streaming for space: " + spaceId)
            .withDefaultCacheBehavior(defaultCacheBehavior);
        if (secure) {
            distributionConfig.setCacheBehaviors(cacheBehaviors);
        }

        Distribution created = cfClient
            .createDistribution(new CreateDistributionRequest(distributionConfig))
            .getDistribution();
        streamingHost = created.getDomainName();
    } else {
        // The security type of an existing distribution is read from the
        // trusted-signer list of its default cache behavior: any signer present
        // means it is SECURE.
        boolean existingSecure =
            !current.getDefaultCacheBehavior().getTrustedSigners().getItems().isEmpty();
        if (secure != existingSecure) {
            // Refuse to flip an existing distribution between OPEN and SECURE.
            String currentType = secure ? "OPEN" : "SECURE";
            String requestedType = secure ? "SECURE" : "OPEN";
            throw new UnsupportedTaskException(TASK_NAME,
                "The space " + spaceId + " is already configured to stream as " + currentType
                    + " and cannot be updated to stream as " + requestedType
                    + ". To do this, you must first execute the "
                    + StorageTaskConstants.DELETE_HLS_TASK_NAME + " task.");
        }

        String distributionId = current.getId();
        if (!current.isEnabled()) {
            // Distribution is disabled, enable it
            setDistributionState(distributionId, true);
        }
        streamingHost = current.getDomainName();
    }

    // Set bucket policy to accept origin access identity
    setBucketAccessPolicy(bucketName, oaIdentityId);

    // Set CORS policy on bucket
    // NOTE(review): allowedOrigins is caller-supplied; confirm setCorsPolicy
    // handles an empty list or a wildcard entry the way operators expect.
    setCorsPolicy(bucketName, allowedOrigins, dcHost);

    // Update bucket tags to include streaming host and streaming type
    Map<String, String> spaceProps = s3Provider.getSpaceProperties(spaceId);
    spaceProps.put(HLS_STREAMING_HOST_PROP, streamingHost);
    spaceProps.put(HLS_STREAMING_TYPE_PROP,
        (secure ? STREAMING_TYPE.SECURE : STREAMING_TYPE.OPEN).name());
    unwrappedS3Provider.setNewSpaceProperties(spaceId, spaceProps);

    // Return results
    taskResult.setResult(TASK_NAME + " task completed successfully");
    taskResult.setStreamingHost(streamingHost);
    String serialized = taskResult.serialize();
    log.info("Result of " + TASK_NAME + " task: " + serialized);
    return serialized;
}