gpt4 book ai didi

java - 适用于 S3 的 AWS Java 开发工具包中的 SignatureDoesNotMatch

转载 作者:行者123 更新时间:2023-11-30 08:06:05 25 4
gpt4 key购买 nike

我有一个属于另一个账户的桶。使用 AWS CLI,我能够访问(列出和读取对象)这个存储桶。例如:

aws s3 ls s3://somebucket/foo/bar

列出对象。

尝试使用 Java SDK(在 Scala 中)重新创建相同的内容时,我遇到了上述异常 (SignatureDoesNotMatch)。

代码如下:

package com.myco.sample

class TestCase() {
val credentials = new com.amazonaws.auth.BasicAWSCredentials(
"ACCESS_KEY_ID",
"SECRET_ACCESS_KEY"
)
val s3 = new com.amazonaws.services.s3.AmazonS3Client(credentials)
val endpoint = "somebucket.s3-us-west-2.amazonaws.com"
s3.setEndpoint(endpoint)

try {
val objs = s3.listObjects("foo/bar")
} catch {
case ace: com.amazonaws.services.s3.model.AmazonS3Exception => {
println(ace.getAdditionalDetails)
}
}
}

对 listObjects 的调用抛出异常。输出是:

com.amazonaws.services.s3.model.AmazonS3Exception: The request signature we calculated does not match the signature you provided. Check your key and signing method. (Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: XXXXXXXXX), S3 Extended Request ID: XXXXXXXXXXXXXXXXXXX=
{SignatureProvided=XXXXXXXXXXXXX=, StringToSign=Wed, 06 Jan 2016 04:32:38 GMT
/somebucket/foo/bar/, AWSAccessKeyId=XXXXXX, Error=XXXXXXXXXXXX=, StringToSignBytes=XXXXXXXXX}

当不提供上述端点时,我收到不同的错误:您尝试访问的存储桶必须使用指定的端点寻址

设置端点后,我尝试了多种将“bucket”参数传递给 listObjects 的方法,但均无效。

不确定为什么在幕后生成的签名不正确。有什么想法吗?

最佳答案

该错误通常意味着凭据不正确。

val credentials = new com.amazonaws.auth.BasicAWSCredentials(
"ACCESS_KEY_ID",
"SECRET_ACCESS_KEY"
)

您是否在代码中使用了实际的访问 key 和 secret key ?它们是否与您的 ~/.aws/credentials 文件中的值匹配?

您可以尝试创建 AmazonS3Client 而无需使用默认构造函数显式提供凭据。默认行为是使用 ~/.aws/credentials 中的值,就像 CLI 一样。

要排除凭据问题,您可以在 CLI 中打开日志记录并将其与 SDK 日志进行比较。尝试:

aws --debug s3 ls s3://somebucket/foo/bar

你应该看到这样的东西:

...
2016-01-06 13:29:01,306 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2016-01-06 13:29:01,306 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2016-01-06 13:29:01,306 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2016-01-06 13:29:01,306 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
...

接下来,按照此处的说明启用 SDK 日志记录:http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-logging.html .您应该只需要提供 log4j jar 和示例 log4j.properties 文件。

在这里你应该看到这个:

...
2016-01-06 13:26:47,621 [main] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
2016-01-06 13:26:47,621 [main] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey)
2016-01-06 13:26:47,636 [main] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Loading credentials from com.amazonaws.auth.profile.ProfileCredentialsProvider@42561fba
...

如果事实证明这不是问题所在,您可以详细检查日志以进一步诊断问题。

关于java - 适用于 S3 的 AWS Java 开发工具包中的 SignatureDoesNotMatch,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34625812/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com