如何解决Spring Cloud 使用 AWS BasicSessionCredentials 的自定义凭证提供程序
我正在尝试将我的 Spring Cloud 配置服务从本地连接到 AWS。我们的 AWS 配置要求我们使用 AWS 会话密钥以及访问密钥和秘密密钥。在我们要求使用会话密钥之前,这是有效的。但是,Spring AWS 库不支持 BasicSessionCredentials。
spring cloud aws 代码包含设置凭据提供程序的此文件: https://github.com/spring-cloud/spring-cloud-aws/blob/v2.2.5.RELEASE/spring-cloud-aws-context/src/main/java/org/springframework/cloud/aws/context/config/support/ContextConfigurationUtils.java
如您所见,它仅创建不包含会话密钥的 BasicAWSCredentials。所以我尝试创建自己的 bean 以这种方式覆盖默认行为:
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWsstaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.aws.core.credentials.CredentialsProviderfactorybean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
@Configuration
public class SpringCloudConfigAwsCredentials {
private String accessKey;
private String secretKey;
//Session key was added to the properties file
private String sessionKey;
public SpringCloudConfigAwsCredentials(
@Value("${cloud.aws.credentials.accessKey}") String accessKey,@Value("${cloud.aws.credentials.secretKey}") String secretKey,@Value("${cloud.aws.credentials.sessionKey}") String sessionKey) {
this.accessKey = accessKey;
this.secretKey = secretKey;
this.sessionKey = sessionKey;
}
@Primary
@Bean
//@Bean(name = CredentialsProviderfactorybean.CREDENTIALS_PROVIDER_BEAN_NAME)
public AWSCredentialsProvider credentialsProvider() {
BasicSessionCredentials cred = new BasicSessionCredentials(accessKey,secretKey,sessionKey);
return new AWsstaticCredentialsProvider(cred);
}
}
这不起作用。连接到 AWS 时出现此错误:
Caused by: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: AQKLPSPMJU2BHKOID0A2VUFLEBVV4KQNSO5AEMVJF66Q9ASUAAJG; Proxy: null)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1811) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1395) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1371) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.844.jar!/:na]
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.doInvoke(AmazonDynamoDBClient.java:5136) ~[aws-java-sdk-dynamodb-1.11.844.jar!/:na]
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:5103) ~[aws-java-sdk-dynamodb-1.11.844.jar!/:na]
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.executeDescribeTable(AmazonDynamoDBClient.java:2000) ~[aws-java-sdk-dynamodb-1.11.844.jar!/:na]
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.describeTable(AmazonDynamoDBClient.java:1966) ~[aws-java-sdk-dynamodb-1.11.844.jar!/:na]
at com.amazonaws.services.dynamodbv2.document.Table.describe(Table.java:137) ~[aws-java-sdk-dynamodb-1.11.844.jar!/:na]
at org.springframework.integration.aws.Metadata.DynamoDbMetadataStore.isTableAvailable(DynamoDbMetadataStore.java:219) ~[spring-integration-aws-2.4.0.jar!/:na]
at org.springframework.integration.aws.Metadata.DynamoDbMetadataStore.afterPropertiesSet(DynamoDbMetadataStore.java:153) ~[spring-integration-aws-2.4.0.jar!/:na]
at org.springframework.beans.factory.support.AbstractAutowireCapablebeanfactory.invokeInitMethods(AbstractAutowireCapablebeanfactory.java:1847) ~[spring-beans-5.3.2.jar!/:5.3.2]
at org.springframework.beans.factory.support.AbstractAutowireCapablebeanfactory.initializeBean(AbstractAutowireCapablebeanfactory.java:1784) ~[spring-beans-5.3.2.jar!/:5.3.2]
... 76 common frames omitted
当我调试这个并单步进入 AmazonDynamoDBClient(在 com.amazonaws:aws-java-sdk-dynamodb 代码中)时,凭证提供程序是 BasicAWSCredentials 而不是 BasicSessionCredentials。
所以我的问题是我做错了什么?或者我应该做什么?如果我需要提供更多信息,请告诉我。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。