You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Shri Javadekar (JIRA)" <ji...@apache.org> on 2016/08/30 00:13:20 UTC
[jira] [Updated] (JCLOUDS-1161) Signed PUT requests using signature
v4
[ https://issues.apache.org/jira/browse/JCLOUDS-1161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shri Javadekar updated JCLOUDS-1161:
------------------------------------
Description:
JIRA issues JCLOUDS-766 and JCLOUDS-1090 mention that signed put requests don't work with jclouds. This is because "v4 URL signing requires a content hash for the server to accept the PUT request but the jclouds API does not allow for this". There is another way for doing this. The AWS documentation[1] says that phrase UNSIGNED-PAYLOAD can be used when the content hash is not available.
The current code in jclouds already uses UNSIGNED-PAYLOAD as the content hash and signs the requests. However, even with that signed put requests were failing for me.
Here are a couple of things I had to do to get signed put requests to work.
1. Use AWSS3BlobRequestSignerv4.
{noformat}
diff --git a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
index 6c551d5..79ea8c7 100644
--- a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
+++ b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
@@ -16,7 +16,7 @@
*/
package org.jclouds.aws.s3.blobstore.config;
-import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSigner;
+import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSignerV4;
import org.jclouds.aws.s3.blobstore.AWSS3BlobStore;
import org.jclouds.blobstore.BlobRequestSigner;
import org.jclouds.s3.blobstore.S3BlobStore;
@@ -34,6 +34,6 @@ public class AWSS3BlobStoreContextModule extends S3BlobStoreContextModule {
@Override
protected void bindRequestSigner() {
- bind(BlobRequestSigner.class).to(AWSS3BlobRequestSigner.class);
+ bind(BlobRequestSigner.class).to(AWSS3BlobRequestSignerV4.class);
}
}
{noformat}
2. In my application, I had to make sure that the contentMD5 is not added to the blob builder.
{noformat}
blob = blobStore.blobBuilder(newBlobName())
.forSigning()
.payload(input)
.contentLength(input.size())
// .contentMD5(input.hash(Hashing.md5())) <<<------------ HAD TO REMOVE THIS
.contentType(MediaType.OCTET_STREAM.toString())
.build();
request = signer.signPutBlob(containerName, blob,
requestTimeoutSeconds);
{noformat}
Ofcourse, #2 above is the responsibility of the app writer. But jclouds should change the default signer to AWSS3BlobRequestSignerV4.
[1] http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
was:
JIRA issues JCLOUDS-766 and JCLOUDS-1090 mention that signed put requests don't work with jclouds. This is because "v4 URL signing requires a content hash for the server to accept the PUT request but the jclouds API does not allow for this". There is another way for doing this. The AWS documentation[1] says that phrase UNSIGNED-PAYLOAD can be used when the content hash is not available.
The current code in jclouds already uses UNSIGNED-PAYLOAD as the content hash and signs the requests. However, even with that signed put requests were failing for me.
Here are a couple of things I had to do to get signed put requests to work.
1. Use AWSS3BlobRequestSignerv4.
{noformat}
diff --git a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
index 6c551d5..79ea8c7 100644
--- a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
+++ b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
@@ -16,7 +16,7 @@
*/
package org.jclouds.aws.s3.blobstore.config;
-import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSigner;
+import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSignerV4;
import org.jclouds.aws.s3.blobstore.AWSS3BlobStore;
import org.jclouds.blobstore.BlobRequestSigner;
import org.jclouds.s3.blobstore.S3BlobStore;
@@ -34,6 +34,6 @@ public class AWSS3BlobStoreContextModule extends S3BlobStoreContextModule {
@Override
protected void bindRequestSigner() {
- bind(BlobRequestSigner.class).to(AWSS3BlobRequestSigner.class);
+ bind(BlobRequestSigner.class).to(AWSS3BlobRequestSignerV4.class);
}
}
{noformat}
2. In my application, I had to make sure that the contentMD5 is not added to the blob builder.
{noformat}
blob = blobStore.blobBuilder(newBlobName())
.forSigning()
.payload(input)
.contentLength(input.size())
// .contentMD5(input.hash(Hashing.md5())) <<<------------ HAD TO REMOVE THIS
.contentType(MediaType.OCTET_STREAM.toString())
.build();
request = signer.signPutBlob(containerName, blob,
requestTimeoutSeconds);
{noformat}
Ofcourse, #2 above is the responsibility of the app writer. But jclouds should change the default signed to AWSS3BlobRequestSignerV4.
[1] http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
> Signed PUT requests using signature v4
> --------------------------------------
>
> Key: JCLOUDS-1161
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1161
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-blobstore
> Affects Versions: 2.0.0
> Environment: Tried this on commit 557a1156945590c221094a1ccc983ba9e1d99a60.
> {noformat}
> commit 557a1156945590c221094a1ccc983ba9e1d99a60
> Author: Iván Lomba <iv...@gmail.com>
> Date: Tue Aug 16 22:12:47 2016 +0200
> JCLOUDS-482: Fix ProfitBricksComputeServiceLiveTest custom hardware assert
> {noformat}
> Reporter: Shri Javadekar
> Fix For: 2.0.0
>
>
> JIRA issues JCLOUDS-766 and JCLOUDS-1090 mention that signed put requests don't work with jclouds. This is because "v4 URL signing requires a content hash for the server to accept the PUT request but the jclouds API does not allow for this". There is another way for doing this. The AWS documentation[1] says that phrase UNSIGNED-PAYLOAD can be used when the content hash is not available.
> The current code in jclouds already uses UNSIGNED-PAYLOAD as the content hash and signs the requests. However, even with that signed put requests were failing for me.
> Here are a couple of things I had to do to get signed put requests to work.
> 1. Use AWSS3BlobRequestSignerv4.
> {noformat}
> diff --git a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
> index 6c551d5..79ea8c7 100644
> --- a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
> +++ b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
> @@ -16,7 +16,7 @@
> */
> package org.jclouds.aws.s3.blobstore.config;
> -import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSigner;
> +import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSignerV4;
> import org.jclouds.aws.s3.blobstore.AWSS3BlobStore;
> import org.jclouds.blobstore.BlobRequestSigner;
> import org.jclouds.s3.blobstore.S3BlobStore;
> @@ -34,6 +34,6 @@ public class AWSS3BlobStoreContextModule extends S3BlobStoreContextModule {
> @Override
> protected void bindRequestSigner() {
> - bind(BlobRequestSigner.class).to(AWSS3BlobRequestSigner.class);
> + bind(BlobRequestSigner.class).to(AWSS3BlobRequestSignerV4.class);
> }
> }
> {noformat}
> 2. In my application, I had to make sure that the contentMD5 is not added to the blob builder.
> {noformat}
> blob = blobStore.blobBuilder(newBlobName())
> .forSigning()
> .payload(input)
> .contentLength(input.size())
> // .contentMD5(input.hash(Hashing.md5())) <<<------------ HAD TO REMOVE THIS
> .contentType(MediaType.OCTET_STREAM.toString())
> .build();
> request = signer.signPutBlob(containerName, blob,
> requestTimeoutSeconds);
> {noformat}
> Ofcourse, #2 above is the responsibility of the app writer. But jclouds should change the default signer to AWSS3BlobRequestSignerV4.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)