AWS S3 Post Object Rejects Extra Form Fields

Problem description

I'm trying to set the storage class of an uploaded image to an AWS S3 bucket. I have it working except for adding the storage class to the request. The S3 Post Object Documentation states there can be a form input field named "x-amz-storage-class" but adding it, or any other field, throws an AWS error indicating that there are too many input fields for the post. I tried adding it to the object policy but that causes a Policy error: "Policy Condition failed: ["eq", "$x-amz-storage-class", "ONEZONE_IA"]". I'm using JSP and the form's input fields are shown below. Any help would be appreciated.

<input type="hidden" name="key" value="<%= imageFileName %>">
<input type="hidden" name="AWSAccessKeyId" value="<%= S3AccessKeyId %>"> 
<input type="hidden" name="acl" value="private"> 
<input type="hidden" name="success_action_redirect" value="<%= s3SuccessAction %>">
<input type="hidden" name="policy" value="<%= encPolicy %>" >
<input type="hidden" name="signature" value="<%= signature %>" >
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="x-amz-storage-class" value="ONEZONE_IA">   <!-- CAUSES ERROR -->

Error:

Invalid according to Policy: Policy Condition failed: ["eq", "$x-amz-storage-class", "STANDARD_IA"]

<Error>
<Code>AccessDenied</Code>
<Message>
Invalid according to Policy: Extra input fields: x-amz-storage-class
</Message>
<RequestId>1104FC046523752C</RequestId>
<HostId>
m0xPpMKJqBG6kZsdQfl/RY92dHprnvtGtrijHLqVtieM51ew+Mkp0mXGbTwKM7OsoUq6ZZUVIc0=
</HostId>
</Error>

Recommended answer

I have this working now. The policy has fields that must match the fields on the form. "x-amz-storage-class" has to be added to both the form fields and policy. My guess is the encoded policy is signed for security reasons which makes it secure and the form fields must match the policy fields to ensure they weren't changed. Why both are needed is beyond me. Corrected code is below:

<fieldset>

    <input type="hidden" name="key" value="<%= imageFileName %>">
    <input type="hidden" name="AWSAccessKeyId" value="<%= S3AccessKeyId %>"> 
    <input type="hidden" name="acl" value="private"> 
    <input type="hidden" name="success_action_redirect" value="<%= s3SuccessAction %>">
    <input type="hidden" name="policy" value="<%= encPolicy %>" >
    <input type="hidden" name="signature" value="<%= signature %>" >
    <input type="hidden" name="Content-Type" value="image/jpeg">
    <input type="hidden" name="x-amz-storage-class" value="ONEZONE_IA">

</fieldset>

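import java.util.Base64;

// Builds the POST policy document and returns it Base64-encoded.
// Every field sent in the form needs a matching condition in this policy.
// bucket and s3SuccessAction are concatenated unescaped, so they must come
// from trusted configuration, not from user input.
public static String encodeS3Policy(String s3SuccessAction, String bucket) throws Exception
{
    // The signed policy stays valid until the expiration date below
    String policy =
        "{\"expiration\": \"2040-01-01T00:00:00Z\"," +
          "\"conditions\": [" +
            "{\"bucket\": \"" + bucket + "\"}," +
            "[\"starts-with\", \"$key\", \"\"]," +
            "{\"acl\": \"private\"}," +
            "{\"success_action_redirect\": \"" + s3SuccessAction + "\"}," +
            "[\"starts-with\", \"$Content-Type\", \"\"]," +
            "{\"x-amz-storage-class\": \"ONEZONE_IA\"}," +
            "[\"content-length-range\", 0, 10485760]" +   // 10 MB max file upload
            "]" +
        "}";

    // Strings are immutable, so the result of replaceAll must be assigned back
    policy = policy.replaceAll("\n","").replaceAll("\r","");

    // Encode the policy
    String encPolicy = Base64.getEncoder().encodeToString(policy.getBytes("UTF-8"));

    return encPolicy;
}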

For completeness and because it's not obvious, the storage class values are:

Default: STANDARD

STANDARD | REDUCED_REDUNDANCY | GLACIER | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | DEEP_ARCHIVE 

Here is the AWS S3 Post Object documentation.
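The following is an added example, not code from the question or the answer: a Python pre-flight check that compares a form's fields with the conditions in its Base64-encoded policy and reports both mismatches seen above, worded like the S3 errors on this page. The bucket name, redirect URL, key and access key ID are constructed placeholders, and treating `bucket` as coming from the request URL rather than the form is an assumption of this sketch.

```python
import base64
import json

# No policy condition is needed for these (Signature Version 2 form) or for x-ignore-* fields.
EXEMPT = {"AWSAccessKeyId", "signature", "policy", "file"}

def parse_conditions(enc_policy):
    """Decode a Base64 POST policy into {field: (operator, expected)}."""
    rules = {}
    for cond in json.loads(base64.b64decode(enc_policy))["conditions"]:
        if isinstance(cond, dict):              # {"acl": "private"} means exact match
            rules.update({name: ("eq", value) for name, value in cond.items()})
        elif cond[0] in ("eq", "starts-with"):  # ["starts-with", "$key", ""]
            rules[cond[1].lstrip("$")] = (cond[0], cond[2])
        # content-length-range limits the uploaded file, not a form field
    return rules

def check_form(enc_policy, form):
    """List the mismatches between a form and its policy, worded like S3's errors."""
    rules = parse_conditions(enc_policy)
    rules.pop("bucket", None)  # assumption: bucket comes from the request URL
    problems = ["Extra input fields: " + name for name in form
                if name not in rules and name not in EXEMPT
                and not name.startswith("x-ignore-")]
    for name, (op, expected) in rules.items():
        value = form.get(name)
        ok = value is not None and (
            value == expected if op == "eq" else value.startswith(expected))
        if not ok:
            problems.append("Policy Condition failed: " + json.dumps([op, "$" + name, expected]))
    return problems

def sample_policy(with_storage_class):
    """Constructed sample: the page's policy with placeholder bucket and redirect."""
    conditions = [{"bucket": "example-bucket"}, ["starts-with", "$key", ""],
                  {"acl": "private"},
                  {"success_action_redirect": "https://example.com/done"},
                  ["starts-with", "$Content-Type", ""],
                  ["content-length-range", 0, 10485760]]
    if with_storage_class:
        conditions.append({"x-amz-storage-class": "ONEZONE_IA"})
    doc = {"expiration": "2040-01-01T00:00:00Z", "conditions": conditions}
    return base64.b64encode(json.dumps(doc).encode("utf-8")).decode("ascii")

# Constructed sample form, mirroring the hidden inputs in the question
FORM = {"key": "photo.jpg", "AWSAccessKeyId": "EXAMPLEKEYID", "acl": "private",
        "success_action_redirect": "https://example.com/done", "policy": "...",
        "signature": "...", "Content-Type": "image/jpeg",
        "x-amz-storage-class": "ONEZONE_IA"}
```

Running `check_form(sample_policy(False), FORM)` reproduces the "Extra input fields" case from the question, and dropping the field from the form while keeping the condition reproduces the "Policy Condition failed" case.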
