You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "Ben Piper (JIRA)" <ji...@apache.org> on 2016/03/16 01:06:33 UTC

[jira] [Created] (JCLOUDS-1093) AWSS3BlobRequestSigner not allowing for x-amz-security-token

Ben Piper created JCLOUDS-1093:
----------------------------------

             Summary: AWSS3BlobRequestSigner not allowing for x-amz-security-token
                 Key: JCLOUDS-1093
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1093
             Project: jclouds
          Issue Type: Bug
          Components: jclouds-blobstore
    Affects Versions: 1.9.2
            Reporter: Ben Piper


When using the aws-s3 BlobStore provider with temporary credentials (i.e. credentials that require a session token), and calling signGetBlob (same probably applies to signPutBlob), the request that it is signing does not include the necessary x-amz-security-token header, even though after signing the request will be filtered (by RequestAuthorizeSignature) to include that header (making it an invalid request because that header belongs in the signature), ergo when trying to make the request, S3 will return a 403.

It seems that AWSS3BlobRequestSigner.signForTemporaryAccess should probably be grabbing the security token header if necessary and including it in the signature, and as a query param.  It would also be nice if it didn't have to repeat work done by RequestAuthorizeSignature, which might possibly work if it set the x-amz-date header instead of Date, then called cleanRequest, and then added query params as necessary (grabbing the signature from the headers).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)