如何解决S3AsyncClient-删除授权标头
我正在尝试使用S3AsyncClient下载具有预签名URL的S3对象。但是,该请求仍会带有Authorization标头,其中包括使用与该特定S3实例(这是模拟AWS S3对象存储的Enterprise S3实例)不兼容的密码生成的签名。这将导致SSLException。当我在浏览器中或通过没有授权标头的邮递员发送请求时,URL有效。
我可以通过S3AsyncClient通过未经授权,x-amz-content-sha256和X-Amz-日期标头发送带有预签名URL的这种GET请求吗?
登录预签名URL:
Generating pre-signed URL.
Pre-Signed URL: https://<namespace>.<endpoint>/<bucket>/<key>?AWSAccessKeyId=<access-id>01&Expires=1600801209&Signature=......../..................=
HTTP请求的调试日志如下所示(我将注意到,预先签名的URL中的签名参数现在已编码并放置在其他参数之前,尽管在提取URL并发送GET请求时这似乎无关紧要):
GET /<bucket>/VADRUserGuide.docx?Signature=........%2F..................%3D&AWSAccessKeyId=<access-id>&Expires=1600801209 HTTP/1.1
Host: <namespace>.<endpoint>
amz-sdk-invocation-id: ........-....-....-....-............
amz-sdk-retry: 3/152/440
Authorization: AWS4-HMAC-SHA256 Credential=access-id>/20200922/us-east-1/s3/aws4_request,SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;authorization;host;x-amz-content-sha256;x-amz-date,Signature=.................................................
User-Agent: aws-sdk-java/2.10.86 Windows_10/10.0 Java_HotSpot_TM__64-Bit_Server_VM/25.191-b12 Java/1.8.0_191 vendor/Oracle_Corporation io/async http/UNKNOWN
x-amz-content-sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20200922T213232Z)
DownloadResource(源-https://github.com/eugenp/tutorials/blob/master/aws-reactive/src/main/java/com/baeldung/aws/reactive/s3/DownloadResource.java):
/**
* @author Philippe
*
*/
@RestController
@RequestMapping("/inbox")
@Slf4j
public class DownloadResource {
private final GeneratePresignedURL generatePresignedURL;
private final S3AsyncClient s3client;
private final S3ClientConfigurationProperties s3config;
public DownloadResource(S3AsyncClient s3client,S3ClientConfigurationProperties s3config,GeneratePresignedURL generatePresignedURL) {
this.s3client = s3client;
this.s3config = s3config;
this.generatePresignedURL = generatePresignedURL;
}
@GetMapping(path="/{filekey}")
public Mono<ResponseEntity<Flux<ByteBuffer>>> downloadFile(@PathVariable("filekey") String filekey) {
//generate pre-signed URL
final String url = generatePresignedURL.getPresignedUrl(filekey);
//extract signed URL params
final String pattern = "(\\?|\\&)([^=]+)\\=([^&]+)";
List<String> params = new ArrayList<>();
Matcher m = Pattern.compile(pattern)
.matcher(url);
while (m.find()) {
params.add(m.group());
}
final String[] p0 = params.get(0).substring(1).split("=",2);
final String[] p1 = params.get(1).substring(1).split("=",2);
final String[] p2 = params.get(2).substring(1).split("=",2);
//attach signed URL params via AwsRequestOverrideConfiguration
AwsRequestOverrideConfiguration overrideConfiguration = AwsRequestOverrideConfiguration.builder()
.putRawQueryParameter(p0[0],p0[1])
.putRawQueryParameter(p1[0],p1[1])
.putRawQueryParameter(p2[0],p2[1])
.build();
GetObjectRequest request = GetObjectRequest.builder()
.key(filekey)
.overrideConfiguration(overrideConfiguration)
.bucket(s3config.getBucket())
.build();
return Mono.fromFuture(s3client.getObject(request,new FluxResponseProvider()))
.map( (response) -> {
checkResult(response.sdkResponse);
String filename = getMetadataItem(response.sdkResponse,"filename",filekey);
log.info("[I65] filename={},length={}",filename,response.sdkResponse.contentLength() );
return ResponseEntity.ok()
.header(HttpHeaders.CONTENT_TYPE,response.sdkResponse.contentType())
.header(HttpHeaders.CONTENT_LENGTH,Long.toString(response.sdkResponse.contentLength()))
.header(HttpHeaders.CONTENT_DISPOSITION,"attachment; filename=\"" + filename + "\"")
.body(response.flux);
});
}
private void printRequestFields(GetObjectRequest request){
System.out.println("request fields:");
String[] parValues = new String[6];
Field[] fields = request.getClass().getDeclaredFields();
//print field names paired with their values
for ( Field field : fields ) {
try {
field.setAccessible(true);
System.out.println( field.getName() +": ");
//requires access to private field:
System.out.println( field.get(request) );
} catch ( IllegalAccessException ex ) {
System.out.println(ex);
}
}
}
/**
* Lookup a metadata key in a case-insensitive way.
* @param sdkResponse
* @param key
* @param defaultValue
* @return
*/
private String getMetadataItem(GetObjectResponse sdkResponse,String key,String defaultValue) {
for( Entry<String,String> entry : sdkResponse.metadata().entrySet()) {
if ( entry.getKey().equalsIgnoreCase(key)) {
return entry.getValue();
}
}
return defaultValue;
}
// Helper used to check return codes from an API call
private static void checkResult(GetObjectResponse response) {
SdkHttpResponse sdkResponse = response.sdkHttpResponse();
if ( sdkResponse != null && sdkResponse.isSuccessful()) {
return;
}
throw new DownloadFailedException(response);
}
static class FluxResponseProvider implements AsyncResponseTransformer<GetObjectResponse,FluxResponse> {
private FluxResponse response;
@Override
public CompletableFuture<FluxResponse> prepare() {
response = new FluxResponse();
return response.cf;
}
@Override
public void onResponse(GetObjectResponse sdkResponse) {
this.response.sdkResponse = sdkResponse;
}
@Override
public void onStream(SdkPublisher<ByteBuffer> publisher) {
response.flux = Flux.from(publisher);
response.cf.complete(response);
}
@Override
public void exceptionOccurred(Throwable error) {
response.cf.completeExceptionally(error);
}
}
/**
* Holds the API response and stream
* @author Philippe
*/
static class FluxResponse {
final CompletableFuture<FluxResponse> cf = new CompletableFuture<>();
GetObjectResponse sdkResponse;
Flux<ByteBuffer> flux;
}
}
S3AsyncClient的配置(如您所见,凭据提供程序已被注释掉):
@Configuration
@EnableConfigurationProperties(S3ClientConfigurationProperties.class)
public class S3ClientConfiguration {
@Bean
public S3AsyncClient s3client(S3ClientConfigurationProperties s3props) {
SdkAsyncHttpClient httpClient = NettyNioAsyncHttpClient.builder()
.writeTimeout(Duration.ZERO)
.maxConcurrency(64)
.build();
S3Configuration serviceConfiguration = S3Configuration.builder()
.checksumValidationEnabled(false)
.chunkedEncodingEnabled(true)
.build();
S3AsyncClientBuilder b = S3AsyncClient.builder()
.httpClient(httpClient)
.region(s3props.getRegion())
// credentials provider commented out
.serviceConfiguration(serviceConfiguration);
if (s3props.getEndpoint() != null) {
b = b.endpointOverride(s3props.getEndpoint());
}
return b.build();
}
// credentials provider Bean commented out
}
常规AmazonS3客户端的客户端(用于GeneratePresignedUrlRequest):
@Configuration
public class S3Configuration {
@Bean
public S3Storage s3Storage(S3ServiceInfo s3ServiceInfo) {
final ClientConfiguration httpsClientConfig = new ClientConfiguration().withProtocol(Protocol.HTTPS).withSignerOverride("S3SignerType");
SSLContext sslContext = SSLContexts.createSystemDefault();
httpsClientConfig.getApacheHttpClientConfig().setSslSocketFactory(new SSLConnectionSocketFactory(sslContext));
AmazonS3 client = AmazonS3ClientBuilder.standard()
.withPathStyleAccessEnabled(true)
.withForceGlobalBucketAccessEnabled(true)
.withClientConfiguration(httpsClientConfig)
.withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(s3ServiceInfo.getAccessKey(),s3ServiceInfo.getSecretKey())))
.withEndpointConfiguration(new EndpointConfiguration(endpointUrlWithNamespace(s3ServiceInfo.getEndpoint(),s3ServiceInfo.getAccessKey()),null))
.build();
return new S3Storage(client,s3ServiceInfo.getBucket(),s3ServiceInfo.getEndpoint());
}
protected String endpointUrlWithNamespace(String endpoint,String accessKey) {
//extract namespace from access-key (verify format)
Matcher matcher = Pattern.compile("((.+?-){3}ns\\d\\d)-").matcher(accessKey);
if (!matcher.find()) return endpoint;
String namespace = matcher.group(1);
return endpoint.contains("://s3") ? endpoint.replace("://","://" + namespace + ".") : endpoint;
}
@Configuration
public class S3LocalConfiguration {
@Bean
public S3ServiceInfo s3ServiceInfo(
@Value("${s3.accessKey}") String accessKey,@Value("${s3.secretKey}") String secretKey,@Value("${s3.bucket}") String bucket,@Value("${s3.endpoint}") String endpoint) {
return new S3ServiceInfo(null,accessKey,secretKey,endpoint,bucket);
}
}
@Data
@AllArgsConstructor
public static class S3Storage {
private AmazonS3 client;
private String bucket;
private String endpoint;
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
