chore: remove springboot3 support and rearrange multi-value headers

.github/workflows/continuous-integration-workflow.yml

@@ -65,25 +65,6 @@ jobs:
 #      - name: Build with Spring 6.0.x
 #        run: ./gha_build.sh spring false false -Dspring.version=6.0.16 -Dspring-security.version=6.1.10 -Ddependency-check.skip=true
 
-  build_springboot3:
-    name: Build and test SpringBoot 3
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up JDK 17
-        uses: actions/setup-java@v3
-        with:
-          distribution: 'corretto'
-          java-version: 17
-      - name: Build latest
-        run: ./gha_build.sh springboot3 true true
-      # Build with additional supported versions https://spring.io/projects/spring-boot#support
-      - name: Build with Spring Boot 3.1.x
-        run: ./gha_build.sh springboot3 false false -Dspringboot.version=3.1.12 -Dspring.version=6.0.21 -Dspringsecurity.version=6.1.9 -Ddependency-check.skip=true
-      - name: Build with Spring Boot 3.2.x
-        run: ./gha_build.sh springboot3 false false -Dspringboot.version=3.2.7 -Dspring.version=6.1.10 -Dspringsecurity.version=6.2.5 -Ddependency-check.skip=true
-      - name: Build with Spring Boot 3.3.x
-        run: ./gha_build.sh springboot3 false false -Dspringboot.version=3.3.6 -Dspring.version=6.1.15 -Dspringsecurity.version=6.3.5 -Ddependency-check.skip=true
 
   build_springboot4:
     name: Build and test SpringBoot 4

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java

@@ -87,7 +87,7 @@ public Principal getUserPrincipal() {
                     case API_GATEWAY:
                         return event.getRequestContext().getAuthorizer().getPrincipalId();
                     case ALB:
-                        return event.getMultiValueHeaders().getFirst(ALB_IDENTITY_HEADER);
+                        return event.getMultiValueHeaders().getLast(ALB_IDENTITY_HEADER);
                     }
                 } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
                     // if we received credentials from Cognito Federated Identities then we return the identity id

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/MultiValuedTreeMap.java

@@ -61,6 +61,14 @@ public Value getFirst(Key key) {
         return values.get(0);
     }
 
+    public Value getLast(Key key) {
+        List<Value> values = get(key);
+        if (values == null || values.isEmpty()) {
+            return null;
+        }
+        return values.get(values.size() - 1);
+    }
+
     @Override
     public void putSingle(Key key, Value value) {
         List<Value> values = findKey(key);

aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContextTest.java

@@ -25,6 +25,12 @@ public class AwsProxySecurityContextTest {
             .header(ALB_ACESS_TOKEN_HEADER, "xxxxx")
             .header(ALB_IDENTITY_HEADER, COGNITO_IDENTITY_ID)
             .build();
+    private static final AwsProxyRequest ALB_REQUEST_MULTIPLE_HEADERS = new AwsProxyRequestBuilder("/hello", "GET")
+            .alb()
+            .header(ALB_ACESS_TOKEN_HEADER, "xxxxx")
+            .header(ALB_IDENTITY_HEADER, "test-identity")
+            .header(ALB_IDENTITY_HEADER, COGNITO_IDENTITY_ID)
+            .build();
 
     @Test
     void localVars_constructor_nullValues() {
@@ -71,6 +77,12 @@ void alb_cognitoAuth_expectCustomSchemeAndCorrectPrincipal() {
         assertEquals(COGNITO_IDENTITY_ID, context.getUserPrincipal().getName());
     }
 
+    @Test
+    void alb_multipleIdentityHeaders_usesLastValue() {
+        AwsProxySecurityContext context = new AwsProxySecurityContext(null, ALB_REQUEST_MULTIPLE_HEADERS);
+        assertEquals(COGNITO_IDENTITY_ID, context.getUserPrincipal().getName());
+    }
+
     @Test
     void userPool_getClaims_retrieveCustomClaim() {
         AwsProxySecurityContext context = new AwsProxySecurityContext(null, REQUEST_COGNITO_USER_POOL);