S3: Presigned URLs with canned ACL missing `x-amz-acl` query parameter
Java 14.0.1+7 (OpenJDK Runtime Environment)
Linux (4.14.171-105.231.amzn1.x86_64)
I’m attempting to migrate over to the SDK v2 Presigned URL generators added under https://github.com/aws/aws-sdk-java-v2/issues/203.
Java SDK v1 (1.11.784)
In the SDK v1, I’m able to invoke `request.addRequestParameter()` which allows me to add custom request parameters to the request (such as `x-amz-acl=public-read`):

```java
final GeneratePresignedUrlRequest request =
    new GeneratePresignedUrlRequest("foo", "bar.jpg")
        .withMethod(HttpMethod.PUT)
        .withExpiration(new Date(...));
request.addRequestParameter("x-amz-acl", "public-read"); // <<--!!
```

This results in a presigned URL which looks like:

```
https://foo.s3.us-west-1.amazonaws.com/bar.jpg?
  x-amz-acl=public-read&
  X-Amz-Algorithm=AWS4-HMAC-SHA256&
  X-Amz-Date=20200518T221231Z&
  X-Amz-SignedHeaders=host&
  X-Amz-Expires=60&
  X-Amz-Credential=BAZ%2F20200518%2Fus-west-1%2Fs3%2Faws4_request&
  X-Amz-Signature=b677332742ac54c6a21bb827ac22376fdc674b06ae360bb63793b61666d774f9
```

Note the `x-amz-acl=public-read` query parameter, which allows me to apply a canned ACL to the object once uploaded.

Java SDK v2 (2.13.19)
However, in the SDK v2, there does not appear to be a way to attach such custom parameters to the presigned request. Instead, in an attempt to get the same canned ACL behavior, I’m setting `request.acl(ObjectCannedACL.PUBLIC_READ)` on my `PutObjectRequest`:

```java
final PutObjectRequest putObjectRequest = PutObjectRequest.builder()
    .bucket("foo")
    .key("bar.jpg")
    .acl(ObjectCannedACL.PUBLIC_READ) // <<--!!
    .build();
final PutObjectPresignRequest request = PutObjectPresignRequest.builder()
    .signatureDuration(Duration.ofMillis(...))
    .putObjectRequest(putObjectRequest)
    .build();
```

Unfortunately though, this does not generate an equivalent URL:

```
https://foo.s3.us-west-1.amazonaws.com/bar.jpg?
  X-Amz-Algorithm=AWS4-HMAC-SHA256&
  X-Amz-Date=20200518T221231Z&
  X-Amz-SignedHeaders=host%3Bx-amz-acl&
  X-Amz-Expires=60&
  X-Amz-Credential=BAZ%2F20200518%2Fus-west-1%2Fs3%2Faws4_request&
  X-Amz-Signature=af576cc66199a649df8010aceb86e44b3d16a347438be39cb0df0dd9579b9684
```

Note the absence of the `x-amz-acl=public-read` query parameter on the presigned URL generated by the Java SDK v2 (2.13.19), even though I have set `.acl(ObjectCannedACL.PUBLIC_READ)` on my `PutObjectRequest`.

Unfortunately, I now have to set the `x-amz-acl: public-read` HTTP request header on the `PUT` in order for this presigned URL to work, which does not match the behavior of the SDK v1.

Is it expected that setting `.acl(ObjectCannedACL.PUBLIC_READ)` on the SDK v2 `PutObjectRequest` does not set the `x-amz-acl=public-read` query parameter on the presigned request URL? Is there any way to override this behavior? For parity with the SDK v1, I conjecture the SDK v2 should also set the `x-amz-acl` query parameter on the generated presigned URL when using a canned ACL.

I just hit this issue with the 2.15.50 version of the SDK. In my opinion, this issue should not be closed. @debora-ito did provide a way to mitigate the symptom and present an alternative, but the actual issue still persists.
@markkolich I’ll go ahead and close this issue, as the operation is working fine now. If I have more information about the presigner behavior I’ll post it here.
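
The header-based upload that the issue describes for SDK v2, as an added example that is not code from the issue or from the AWS SDK project: it presigns the same `PutObjectRequest` and then replays every signed header except `host` on the PUT, so the uploader sends exactly the `x-amz-acl` value the signature covers. The local file `bar.jpg`, the class name, the 60-second duration (taken from `X-Amz-Expires=60` in the URLs above) and the use of the default credentials chain are assumptions.

```java
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Path;
import java.time.Duration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.model.ObjectCannedACL;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.PresignedPutObjectRequest;
import software.amazon.awssdk.services.s3.presigner.model.PutObjectPresignRequest;

public class PresignedAclUpload { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Credentials come from the default provider chain; region matches the issue's URLs.
        try (S3Presigner presigner = S3Presigner.builder().region(Region.US_WEST_1).build()) {
            PutObjectRequest put = PutObjectRequest.builder()
                    .bucket("foo")
                    .key("bar.jpg")
                    .acl(ObjectCannedACL.PUBLIC_READ)
                    .build();
            PresignedPutObjectRequest presigned = presigner.presignPutObject(
                    PutObjectPresignRequest.builder()
                            .signatureDuration(Duration.ofSeconds(60))
                            .putObjectRequest(put)
                            .build());

            // Headers covered by the signature; per the issue, host and x-amz-acl.
            System.out.println("Signed headers: " + presigned.signedHeaders().keySet());

            HttpRequest.Builder upload = HttpRequest.newBuilder(presigned.url().toURI())
                    .PUT(HttpRequest.BodyPublishers.ofFile(Path.of("bar.jpg"))); // assumed local file
            presigned.signedHeaders().forEach((name, values) -> {
                // java.net.http sets Host itself and rejects it as a user-supplied header.
                if (!name.equalsIgnoreCase("host")) {
                    values.forEach(value -> upload.header(name, value));
                }
            });

            HttpResponse<String> response = HttpClient.newHttpClient()
                    .send(upload.build(), HttpResponse.BodyHandlers.ofString());
            // S3 rejects the PUT with 403 if a signed header is missing or its value differs.
            System.out.println("HTTP " + response.statusCode());
        }
    }
}
```

In both SDK versions the ACL value is bound by the signature; what changes is whether it travels in the URL (v1 query parameter) or has to be supplied by the uploader as a request header (v2 signed header).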