那些遇到过的问题

Amazon S3签名不匹配 - AWS SDK Java

Fed*_*rez 19 javascript amazon-s3 amazon-web-services

我有一个需要将文件上传到S3的播放应用程序.我们正在使用Scala开发并使用Java AWS SDK.

我在尝试上传文件时遇到问题,在使用预先签名的网址时,我一直收到403 SignatureDoesNotMatch.使用AWS Java SDK通过以下代码生成URL:

def generatePresignedPutRequest(filename: String) = {
    val expiration = new java.util.Date();
    var msec = expiration.getTime() + 1000 * 60 * 60; // Add 1 hour.
    expiration.setTime(msec);

    s3 match {
      case Some(s3) => s3.generatePresignedUrl(bucketname, filename, expiration, HttpMethod.PUT).toString
      case None => {
        Logger.warn("S3 is not availiable. Cannot generate PUT request.")
        "URL not availiable"
      }
    }
  }
Run Code Online (Sandbox Code Playgroud)

对于前端代码,我们遵循ioncannon文章.

上传文件的js函数(与文章中使用的相同)

 function uploadToS3(file, url)
     {
       var xhr = createCORSRequest('PUT', url);
       if (!xhr) 
       {
         setProgress(0, 'CORS not supported');
       }
       else
       {
         xhr.onload = function() 
         {
           if(xhr.status == 200)
           {
             setProgress(100, 'Upload completed.');
           }
           else
           {
             setProgress(0, 'Upload error: ' + xhr.status);
           }
         };

         xhr.onerror = function() 
         {
           setProgress(0, 'XHR error.');
         };

         xhr.upload.onprogress = function(e) 
         {
           if (e.lengthComputable) 
           {
             var percentLoaded = Math.round((e.loaded / e.total) * 100);
             setProgress(percentLoaded, percentLoaded == 100 ? 'Finalizing.' : 'Uploading.');
           }
         };

         xhr.setRequestHeader('Content-Type', 'image/png');
         xhr.setRequestHeader('x-amz-acl', 'authenticated-read');

         xhr.send(file);
       }
     }
Run Code Online (Sandbox Code Playgroud)

服务器的响应是

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<StringToSignBytes>50 55 bla bla bla...</StringToSignBytes>
<RequestId>F7A8F1659DE5909C</RequestId>
<HostId>q+r+2T5K6mWHLKTZw0R9/jm22LyIfZFBTY8GEDznfmJwRxvaVJwPiu/hzUfuJWbW</HostId>
<StringToSign>PUT

    image/png
    1387565829
    x-amz-acl:authenticated-read
    /mybucketname/icons/f5430c16-32da-4315-837f-39a6cf9f47a1</StringToSign>
<AWSAccessKeyId>myaccesskey</AWSAccessKeyId></Error>
Run Code Online (Sandbox Code Playgroud)

我已经配置了CORS,双重检查了aws凭据并尝试更改请求标头.我总是得到相同的结果.亚马逊为什么告诉我签名不匹配?

tmk*_*ly3 29

怀疑OP仍然存在问题,但对于其他遇到此问题的人来说,答案是:

在向S3发出签名请求时,AWS会检查以确保签名与浏览器发送的HTTP头信息完全匹配.不幸的是,这需要阅读:http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html

但是在上面的代码中实际上并非如此,Javascript正在发送:

xhr.setRequestHeader('Content-Type', 'image/png');
xhr.setRequestHeader('x-amz-acl', 'authenticated-read');
Run Code Online (Sandbox Code Playgroud)

但是在Java/Scala中,调用s3.generatePresignedUrl而不传入其中任何一个.因此,生成的签名实际上是告诉S3拒绝任何带有Content-Type或x-ams-acl标头集的内容.哎呀(我也因此而堕落).

我已经看到浏览器会自动发送Content-Types,所以即使它们没有明确地添加到标题中,它们仍然会进入S3.所以问题是,我们如何在签名中添加Content-Type和x-amz-acl标头?

AWS SDK中有几个重载的generatePresignedUrl函数,但只有其中一个函数允许我们传递bucket-name,filename,expiration-date和http-method之外的任何其他函数.

解决方案是:

  1. 使用您的存储桶和文件名创建GeneratePresignedUrlRequest对象.
  2. 调用setExpiration,setContentType等,在其上设置所有标题信息.
  3. 将其传递给s3.generatePresignedUrl作为唯一参数.

以下是要使用的GeneratePresignedUrlRequest的正确函数定义:

http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Client.html#generatePresignedUrl(com.amazonaws.services.s3.model.GeneratePresignedUrlRequest)

AWS GitHub repo上的函数代码也有助于我了解如何对解决方案进行编码.希望这可以帮助.

Cra*_*yro 8

我刚刚使用NodeJs AWS SDK遇到了这个问题.这是因为使用了有效的凭据,但没有足够的权限. 更改为我的管理员密钥修复了这个没有代码更改!

Soh*_*ail 6

我遇到了类似的问题,设置配置signatureVersion: 'v4'有助于解决我的问题-

在JavaScript中:

var s3 = new AWS.S3({
  signatureVersion: 'v4'
});
Run Code Online (Sandbox Code Playgroud)

改编自https://github.com/aws/aws-sdk-js/issues/902#issuecomment-184872976

Kri*_*rma 5

我遇到了同样的问题,但是删除内容类型效果很好。特此分享完整代码。

public class GeneratePresignedUrlAndUploadObject {
    private static final String BUCKET_NAME = "<YOUR_AWS_BUCKET_NAME>"; 
    private static final String OBJECT_KEY  = "<YOUR_AWS_KEY>";
    private static final String AWS_ACCESS_KEY = "<YOUR_AWS_ACCESS_KEY>";
    private static final String AWS_SECRET_KEY = "<YOUR_AWS_SECRET_KEY>";

    public static void main(String[] args) throws IOException {
        BasicAWSCredentials awsCreds = new BasicAWSCredentials(AWS_ACCESS_KEY, AWS_SECRET_KEY);

        AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withRegion(Regions.US_EAST_1)
                .withCredentials(new AWSStaticCredentialsProvider(awsCreds)).build();

        try {
            System.out.println("Generating pre-signed URL.");
            java.util.Date expiration = new java.util.Date();
            long milliSeconds = expiration.getTime();
            milliSeconds += 1000 * 60 * 60;
            expiration.setTime(milliSeconds);

            GeneratePresignedUrlRequest generatePresignedUrlRequest = 
                    new GeneratePresignedUrlRequest(BUCKET_NAME, OBJECT_KEY);
            generatePresignedUrlRequest.setMethod(HttpMethod.PUT); 
            generatePresignedUrlRequest.setExpiration(expiration);
            URL url = s3Client.generatePresignedUrl(generatePresignedUrlRequest); 

            UploadObject(url);

            System.out.println("Pre-Signed URL = " + url.toString());
        } catch (AmazonServiceException exception) {
            System.out.println("Caught an AmazonServiceException, " +
                    "which means your request made it " +
                    "to Amazon S3, but was rejected with an error response " +
            "for some reason.");
            System.out.println("Error Message: " + exception.getMessage());
            System.out.println("HTTP  Code: "    + exception.getStatusCode());
            System.out.println("AWS Error Code:" + exception.getErrorCode());
            System.out.println("Error Type:    " + exception.getErrorType());
            System.out.println("Request ID:    " + exception.getRequestId());
        } catch (AmazonClientException ace) {
            System.out.println("Caught an AmazonClientException, " +
                    "which means the client encountered " +
                    "an internal error while trying to communicate" +
                    " with S3, " +
            "such as not being able to access the network.");
            System.out.println("Error Message: " + ace.getMessage());
        }
    }

    public static void UploadObject(URL url) throws IOException
    {
        HttpURLConnection connection=(HttpURLConnection) url.openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("PUT");
        OutputStreamWriter out = new OutputStreamWriter(
                connection.getOutputStream());
        out.write("This text uploaded as object.");
        out.close();
        int responseCode = connection.getResponseCode();
        System.out.println("Service returned response code " + responseCode);

    }
}
Run Code Online (Sandbox Code Playgroud)

Mar*_*ett 5

对我来说同样的问题,但原因不同。我使用的是 POST 而不是 PUT

归档时间:

查看次数:

30726 次

最近记录:

6 年,6 月 前
相关归档
如何在OS X中将NODE_ENV设置为生产/开发 293
在Rails 3应用程序中添加特定于页面的JavaScript的最佳方法? 157
如何用Javascript打开本地磁盘文件? 146
未捕获错误:SECURITY_ERR:DOM异常18当我尝试设置cookie时 120
jquery文件内部或外部的函数准备就绪 58
Angular 2:如何检测数组中的变化?(@input属性) 57
jQuery UI 1.10:dialog和zIndex选项 46
Angular.js:在页面加载时设置元素高度 43
我无法在 AWS Aurora 集群中启用“公共访问”配置 8
如何检查dynamodb表中是否存在项目? 5
难疑归档
如何解决Git中的合并冲突 4600
如何异步上传文件? 2841
什么是反思,为什么它有用? 2011
我怎样才能过渡高度:0; 高度:自动; 用CSS? 1985
使用JavaScript在新选项卡(而不是新窗口)中打开URL 1941
如何删除已合并的所有Git分支? 1782
重写System.Object.GetHashCode的最佳算法是什么? 1389
确定数组是否包含值 1300
如何让jQuery执行同步而非异步的Ajax请求? 1173
网格布局上的手势检测 1076