create AmazonHttpClient in a protected environment which does not allow getEnv calls


After switching from version 1.11.700 to 1.11.908 of the AWS SDK, one of our libraries is now unable to work in a protected environment. More specifically, the new SDK version has changed ClientConfiguration so that it now instantiates a RetryPolicy by checking env vars.

Unfortunately we're going to deploy this library into an environment which forbids (SecurityManager in place) access to the env vars. This means that all our code which depends on an AmazonHttpClient is not usable anymore because:

  • in order to instantiate an AmazonHttpClient you must pass in a valid ClientConfiguration (null is not accepted)
  • in order to create a valid ClientConfiguration you need to be able to read env vars

Here is the stack trace:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.AWS_RETRY_MODE")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:886)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.boomi.security.ExtendedSecurityManager.checkPermissionImpl(ExtendedSecurityManager.java:207)
    at com.boomi.security.ExtendedSecurityManager.checkPermission(ExtendedSecurityManager.java:114)
    at java.lang.System.getenv(System.java:894)
    at com.amazonaws.retry.internal.RetryModeResolver.envVar(RetryModeResolver.java:67)
    at com.amazonaws.retry.internal.RetryModeResolver.resolveRetryMode(RetryModeResolver.java:72)
    at com.amazonaws.retry.internal.RetryModeResolver.<init>(RetryModeResolver.java:46)
    at com.amazonaws.retry.RetryPolicy.<clinit>(RetryPolicy.java:35)
    at com.amazonaws.retry.PredefinedRetryPolicies.<clinit>(PredefinedRetryPolicies.java:30)
    at com.amazonaws.ClientConfiguration.<clinit>(ClientConfiguration.java:89)

None of the options we came up with applies to this scenario:

  • Subclassing ClientConfiguration to suppress exception: cannot try-catch the call to the super() constructor
  • ClientConfiguration is a class thus we don't have an interface to implement
  • java.policy cannot be modified to allow access to the property: the environment is not within our control
  • exception is being thrown from <clinit> rather than from <init>, thus it's not even related to a single object...

There is 1 answer

JCompetence On

Looks like there is a builder() for AmazonHttpClient, so perhaps IF you set the retryPolicy on the builder, the ClientConfiguration won't look for a retryPolicy.

https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/http/AmazonHttpClient.Builder.html

----------------

Another option:

We can see in the official SDK code that ClientConfiguration() constructor can take another ClientConfiguration so create a custom one using extends.

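    import com.amazonaws.ClientConfiguration;
    import com.amazonaws.http.AmazonHttpClient;
    import com.amazonaws.retry.RetryPolicy;

    public class ClientConfigurationByPassingSecurity extends ClientConfiguration {

        @Override
        public RetryPolicy getRetryPolicy() {
            // xx is a placeholder for the RetryPolicy instance to return
            return xx;
        }
    }

    // Create your AmazonHttpClient, passing in this custom configuration
    ClientConfiguration customClientConfiguration = new ClientConfigurationByPassingSecurity();
    ClientConfiguration clientConfig = new ClientConfiguration(customClientConfiguration);

    new AmazonHttpClient(clientConfig);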

Override any method that fails due to getVars.
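
The stack trace in the question shows the exception raised in `ClientConfiguration.<clinit>`, that is, during class initialization rather than in a constructor. The following is an added example, not part of the original question or answer and not AWS SDK code, that reproduces that JVM behaviour in isolation. `Config` and `SubConfig` are hypothetical stand-ins for ClientConfiguration and a subclass of it, and the `SecurityException` is thrown directly to simulate the denied getenv call.

```java
// Added illustration, not AWS SDK code. Config and SubConfig are hypothetical
// stand-ins for ClientConfiguration and a subclass of it.
public class ClinitFailureDemo {

    static class Config {
        // Evaluated in the static initializer (<clinit>), once, on first use of the class.
        static final String RETRY_MODE = resolveRetryMode();

        static String resolveRetryMode() {
            // Simulates System.getenv("AWS_RETRY_MODE") being denied by a SecurityManager.
            throw new SecurityException("access denied (simulated): getenv.AWS_RETRY_MODE");
        }
    }

    static class SubConfig extends Config {
        SubConfig() {
            // The implicit super() call cannot be wrapped in try/catch, and the
            // failure happens even earlier: before any constructor runs.
        }
    }

    // Runs the action and reports which Throwable, if any, escaped it.
    static String attempt(String label, Runnable action) {
        try {
            action.run();
            return label + ": ok";
        } catch (Throwable t) {
            Throwable cause = t.getCause();
            return label + ": " + t.getClass().getName()
                    + (cause == null ? "" : " <- " + cause.getClass().getName());
        }
    }

    public static void main(String[] args) {
        // First touch: initializing SubConfig initializes Config first, whose
        // static initializer throws; the JVM reports ExceptionInInitializerError.
        System.out.println(attempt("new SubConfig()", () -> new SubConfig()));
        // Config is now marked as failed for this class loader; every later use
        // of it (or of its subclass) raises NoClassDefFoundError.
        System.out.println(attempt("new Config()", () -> new Config()));
        System.out.println(attempt("Config.RETRY_MODE", () -> Config.RETRY_MODE.length()));
        System.out.println(attempt("new SubConfig() again", () -> new SubConfig()));
    }
}
```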