适用于S3的AWS Java SDK中的SignatureDoesNotMatch [英] SignatureDoesNotMatch in AWS Java SDK for S3
问题描述
我有一个属于另一个帐户的存储桶. 使用AWS CLI,我可以访问(列出和读取对象)此存储桶. 例如:
I have a bucket belonging to another account. Using the AWS CLI I am able to access (list and read objects) this bucket. For example:
aws s3 ls s3://somebucket/foo/bar
列出对象.
尝试使用Java SDK(在Scala中)重新创建相同的对象,但出现上述异常(SignatureDoesNotMatch).
Trying to recreate the same using the Java SDK (in Scala) I am getting the above exception (SignatureDoesNotMatch).
这是代码:
package com.myco.sample
class TestCase() {
val credentials = new com.amazonaws.auth.BasicAWSCredentials(
"ACCESS_KEY_ID",
"SECRET_ACCESS_KEY"
)
val s3 = new com.amazonaws.services.s3.AmazonS3Client(credentials)
val endpoint = "somebucket.s3-us-west-2.amazonaws.com"
s3.setEndpoint(endpoint)
try {
val objs = s3.listObjects("foo/bar")
} catch {
case ace: com.amazonaws.services.s3.model.AmazonS3Exception => {
println(ace.getAdditionalDetails)
}
}
}
对listObjects的调用将引发异常. 输出为:
The call to listObjects throws an exception. The output is:
com.amazonaws.services.s3.model.AmazonS3Exception: The request signature we calculated does not match the signature you provided. Check your key and signing method. (Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: XXXXXXXXX), S3 Extended Request ID: XXXXXXXXXXXXXXXXXXX=
{SignatureProvided=XXXXXXXXXXXXX=, StringToSign=Wed, 06 Jan 2016 04:32:38 GMT
/somebucket/foo/bar/, AWSAccessKeyId=XXXXXX, Error=XXXXXXXXXXXX=, StringToSignBytes=XXXXXXXXX}
当不提供上述端点时,出现另一个错误:
The bucket you are attempting to access must be addressed using the specified endpoint
When not providing the endpoint as above, I am getting a different error:
The bucket you are attempting to access must be addressed using the specified endpoint
设置端点后,我尝试了多种将"bucket"参数传递给listObjects的方法,所有这些方法均无效.
After setting the endpoint, I've tried multiple ways of passing the "bucket" parameter to listObjects, all of which didn't work.
不确定在幕后生成的签名为什么不正确.有什么想法吗?
Not sure why the signature that's being generated behind the scenes is incorrect. Any ideas?
推荐答案
就我而言,在升级maven依赖项后,我的代码没有更改(因此凭据正确且未更改),发生了SignatureDoesNotMatch
错误.将依赖项org.apache.httpcomponents:httpclient
从版本4.5.6
升级到4.5.7
(实际上是将Spring Boot
从2.1.2
升级到2.1.3
,并且bom
已指定httpclient
版本)之后,代码成为抛出异常同时执行诸如AmazonS3.getObject
之类的某些AWS开发工具包S3请求.
In my case, SignatureDoesNotMatch
error occurred after upgraded maven dependencies without changes in my code (so credentials are correct and were not changed). After upgrading dependency org.apache.httpcomponents:httpclient
from version 4.5.6
to 4.5.7
(actually it was upgrade of Spring Boot
from 2.1.2
to 2.1.3
, and there bom
has specified httpclient
version), code became throw exceptions while doing some AWS SDK S3 requests like AmazonS3.getObject
.
深入研究根本原因后,我发现httpclient
库确实使用规范化URI破坏了更改,从而影响了Java AWS SDK S3.请查看打开的GitHub票证 org.apache.httpcomponents:httpclient:4.5.获取更多S3对象的7个中断.
After digging into the root cause, I found that httpclient
library did breaking changes with normalized URI, that affected Java AWS SDK S3. Please take a look for opened GitHub ticket org.apache.httpcomponents:httpclient:4.5.7 breaks fetching S3 objects for more details.
这篇关于适用于S3的AWS Java SDK中的SignatureDoesNotMatch的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!