适用于S3的AWS Java SDK中的SignatureDoesNotMatch [英] SignatureDoesNotMatch in AWS Java SDK for S3

问题描述

我有一个属于另一个帐户的存储桶. 使用AWS CLI，我可以访问(列出和读取对象)此存储桶. 例如:

I have a bucket belonging to another account. Using the AWS CLI I am able to access (list and read objects) this bucket. For example:

aws s3 ls s3://somebucket/foo/bar

列出对象.

尝试使用Java SDK(在Scala中)重新创建相同的对象，但出现上述异常(SignatureDoesNotMatch).

Trying to recreate the same using the Java SDK (in Scala) I am getting the above exception (SignatureDoesNotMatch).

这是代码:

package com.myco.sample

class TestCase() {
    val credentials = new com.amazonaws.auth.BasicAWSCredentials(
        "ACCESS_KEY_ID", 
        "SECRET_ACCESS_KEY"
    )
    val s3 = new com.amazonaws.services.s3.AmazonS3Client(credentials)
    val endpoint = "somebucket.s3-us-west-2.amazonaws.com"
    s3.setEndpoint(endpoint)

    try {
        val objs = s3.listObjects("foo/bar")
    } catch {
        case ace: com.amazonaws.services.s3.model.AmazonS3Exception => {
            println(ace.getAdditionalDetails)
        }
    }
}

对listObjects的调用将引发异常. 输出为:

The call to listObjects throws an exception. The output is:

com.amazonaws.services.s3.model.AmazonS3Exception: The request signature we calculated does not match the signature you provided. Check your key and signing method. (Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: XXXXXXXXX), S3 Extended Request ID: XXXXXXXXXXXXXXXXXXX=
{SignatureProvided=XXXXXXXXXXXXX=, StringToSign=Wed, 06 Jan 2016 04:32:38 GMT
/somebucket/foo/bar/, AWSAccessKeyId=XXXXXX, Error=XXXXXXXXXXXX=, StringToSignBytes=XXXXXXXXX}

当不提供上述端点时，出现另一个错误: The bucket you are attempting to access must be addressed using the specified endpoint

When not providing the endpoint as above, I am getting a different error: The bucket you are attempting to access must be addressed using the specified endpoint

设置端点后，我尝试了多种将"bucket"参数传递给listObjects的方法，所有这些方法均无效.

After setting the endpoint, I've tried multiple ways of passing the "bucket" parameter to listObjects, all of which didn't work.

不确定在幕后生成的签名为什么不正确.有什么想法吗?

Not sure why the signature that's being generated behind the scenes is incorrect. Any ideas?

推荐答案

就我而言，在升级maven依赖项后，我的代码没有更改(因此凭据正确且未更改)，发生了SignatureDoesNotMatch错误.将依赖项org.apache.httpcomponents:httpclient从版本4.5.6升级到4.5.7(实际上是将Spring Boot从2.1.2升级到2.1.3，并且bom已指定httpclient版本)之后，代码成为抛出异常同时执行诸如AmazonS3.getObject之类的某些AWS开发工具包S3请求.

In my case, SignatureDoesNotMatch error occurred after upgraded maven dependencies without changes in my code (so credentials are correct and were not changed). After upgrading dependency org.apache.httpcomponents:httpclient from version 4.5.6 to 4.5.7 (actually it was upgrade of Spring Boot from 2.1.2 to 2.1.3, and there bom has specified httpclient version), code became throw exceptions while doing some AWS SDK S3 requests like AmazonS3.getObject.

深入研究根本原因后，我发现httpclient库确实使用规范化URI破坏了更改，从而影响了Java AWS SDK S3.请查看打开的GitHub票证 org.apache.httpcomponents:httpclient:4.5.获取更多S3对象的7个中断.

After digging into the root cause, I found that httpclient library did breaking changes with normalized URI, that affected Java AWS SDK S3. Please take a look for opened GitHub ticket org.apache.httpcomponents:httpclient:4.5.7 breaks fetching S3 objects for more details.

这篇关于适用于S3的AWS Java SDK中的SignatureDoesNotMatch的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！