java - Aws S3 access denied issue -


I am trying to access an S3 bucket. I am able to do so from my local machine (i.e. local machine to S3 bucket), but I get an access denied error when trying to access it from an EC2 instance running Tomcat 8 and Java 8.

Also, when I upload a file, the permissions are set for the root user; if I keep the bucket public and upload a file from EC2, the permissions are not set for the root user.

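    /*
     * Capitalisation note: the copy of this listing on the page is entirely lower-cased, which
     * is not valid Java. JDK, Spring and AWS SDK names below are restored to their real
     * spelling. Project-local names (UploadDocumentDetailDTO, FileContentTypeEnum,
     * LoggerException, AmazonS3ClientException and their accessors) are restored by convention
     * only -- confirm them against the real source. String literals are kept as the page shows them.
     */

    /**
     * Uploads base64-encoded report documents to an S3 bucket and returns a time-limited
     * pre-signed GET URL for the uploaded object.
     *
     * <p>Credentials are static access keys looked up from a JVM system property, an
     * environment variable or a Spring property (in that order).
     *
     * <p>NOTE(review): on EC2 an instance profile (IAM role) resolved by the SDK's default
     * credential provider chain avoids storing long-lived keys on the host at all; the
     * no-argument {@code AmazonS3Client} constructor uses that chain.
     */
    public class AmazonS3UtilService {
        public static final String NAME = "amazons3util";

        // Lookup keys for the settings, not the settings themselves.
        private static final String S3_SECRET = "s3_secret";
        private static final String S3_ID = "s3_id";
        private static final String BUCKET_NAME = "s3_bucket";
        private static final String SUFFIX = "/";
        private static final String DEFAULT_FOLDER_PATH = "phr/reports/";

        @Autowired
        protected Environment props;

        private AWSCredentials awsCredentials = null;

        private AmazonS3 s3Client = null;

        private String bucketName = null;

        private static final Logger log = Logger.getLogger(AmazonS3UtilService.class);

        /**
         * Resolves a setting from a JVM system property, then an environment variable, then the
         * Spring environment.
         *
         * @param key name of the setting
         * @return the first non-null value found, or {@code null} when none of the three has it
         */
        private String resolveSetting(String key) {
            String value = System.getProperty(key);
            if (value == null) {
                value = System.getenv(key);
            }
            if (value == null) {
                value = props.getProperty(key);
            }
            return value;
        }

        /** Creates the credentials object once; the key values are resolved each time the SDK asks. */
        private void prepareAwsCredentials() {
            if (awsCredentials == null) {
                log.info("preparing aws credentials");
                awsCredentials = new AWSCredentials() {
                    @Override
                    public String getAWSSecretKey() {
                        String secret = resolveSetting(S3_SECRET);
                        // The secret key must never reach a log file: log only whether it was found.
                        log.info("s3_secret resolved: " + (secret != null));
                        return secret;
                    }

                    @Override
                    public String getAWSAccessKeyId() {
                        String keyId = resolveSetting(S3_ID);
                        // Same rule for the key id: presence only, not the value.
                        log.info("s3_id resolved: " + (keyId != null));
                        return keyId;
                    }
                };
            }
        }

        /** Creates the S3 client once and pins it to the region named by "s3client.region". */
        private void prepareAmazonS3Client() {
            if (s3Client == null) {
                log.info("preparing s3 client");
                ClientConfiguration clientCfg = new ClientConfiguration();
                // The page's version selected plain HTTP, which sends the report contents and the
                // signed request headers unencrypted. Use TLS.
                clientCfg.setProtocol(Protocol.HTTPS);
                s3Client = new AmazonS3Client(awsCredentials, clientCfg);
                String regionName = props.getProperty("s3client.region");
                Region region = Region.getRegion(Regions.fromName(regionName));
                log.info("region ----->" + regionName);
                s3Client.setRegion(region);
            }
        }

        /** Reads the bucket name from the environment variable named by BUCKET_NAME. */
        private void prepareBucketName() {
            // NOTE(review): the page's listing has one closing brace too many after this method,
            // so a guard or fallback may have been lost in the copy -- confirm against the source.
            bucketName = System.getenv(BUCKET_NAME);
            log.info("bucketname ------>" + bucketName);
        }

        /** Rebuilds the credentials object and makes sure the client and bucket name are set. */
        private void prepare() {
            try {
                awsCredentials = null;
                prepareAwsCredentials();
                prepareAmazonS3Client();
                prepareBucketName();
            } catch (AmazonServiceException ase) {
                log.error("caught amazonserviceexception, means request made "
                        + "to amazon s3, rejected error response reason.");
                log.error("error message:    " + ase.getMessage() + " http status code: " + ase.getStatusCode()
                        + " aws error code:   " + ase.getErrorCode() + " error type:       " + ase.getErrorType()
                        + " request id:       " + ase.getRequestId());

                // NOTE(review): the exception is constructed and discarded, so callers never see
                // the failure. It most likely needs a `throw`; whether AmazonS3ClientException is
                // checked is not visible here, so the statement is left as the page has it.
                new AmazonS3ClientException(ase, ase.getMessage());
            } catch (AmazonClientException ace) {
                log.error(ace);
                // NOTE(review): same as above -- constructed but not thrown.
                new AmazonS3ClientException(ace, ace.getMessage());
            }
        }

        /**
         * Decodes the document, uploads it as a PDF and returns a pre-signed URL for it.
         *
         * @param uploadDocumentDetail document content (base64) and the ids used to build the key
         * @return the pre-signed URL as a string, or an empty string when anything fails
         */
        public String uploadDocument(UploadDocumentDetailDTO uploadDocumentDetail) {
            prepare();
            // NOTE(review): pattern kept as the page shows it. In SimpleDateFormat "mm" is minutes
            // and "MM" is months, so confirm the capitalisation. The value is only a temp-file prefix.
            String tempFileName = new SimpleDateFormat("yyyy-mm-dd hh-mm-ss").format(new Date());
            String fileUrl;
            File uploadFileContent = null;
            try {
                uploadFileContent = readBase64File(uploadDocumentDetail.getFileContent(), tempFileName);
                uploadDocumentDetail.setContentType(FileContentTypeEnum.PDF);
                String uploadFileName = getUploadFileName(uploadDocumentDetail);
                PutObjectRequest request = new PutObjectRequest(bucketName, uploadFileName, uploadFileContent);
                request.putCustomRequestHeader("content-type", "application/pdf");
                request.putCustomRequestHeader("content-disposition", "inline");
                s3Client.putObject(request);
                fileUrl = generatePresignedUrlRequest(uploadFileName).toString();
            } catch (Exception e) {
                log.info(LoggerException.printException(e));
                fileUrl = "";
            } finally {
                // In a long-running servlet container deleteOnExit() alone leaves every decoded
                // report on disk until the JVM stops, so remove the file once the upload is over.
                if (uploadFileContent != null && !uploadFileContent.delete()) {
                    log.warn("could not delete temporary upload file");
                }
            }

            return fileUrl;
        }

        /**
         * Builds a pre-signed GET URL, valid for one hour, for an object in the configured bucket.
         *
         * @param fileUrl the object key (despite the parameter name)
         * @return the pre-signed URL
         */
        public URL generatePresignedUrlRequest(String fileUrl) {
            log.info("inside generatepresignedurlrequest");
            Date expiration = new Date();
            long msec = expiration.getTime();
            msec += 1000 * 60 * 60; // 1 hour.
            expiration.setTime(msec);

            GeneratePresignedUrlRequest presignRequest = new GeneratePresignedUrlRequest(bucketName, fileUrl);
            presignRequest.setMethod(HttpMethod.GET); // default.
            presignRequest.setExpiration(expiration);

            URL signedUrl = s3Client.generatePresignedUrl(presignRequest);
            // Anyone holding the full URL can read the object until it expires, so the query
            // string carrying the signature is kept out of the log.
            log.info("url --->" + signedUrl.getHost() + signedUrl.getPath());
            return signedUrl;
        }

        /**
         * Builds the object key: default folder, optional beneficiary id and document type as
         * path segments, then the assessment id or the default file name plus the extension.
         *
         * <p>NOTE(review): the segments are concatenated as-is. If any of them can come from
         * request input, validate them before this point so that a value containing "/" cannot
         * place the object outside the intended prefix.
         */
        private String getUploadFileName(UploadDocumentDetailDTO uploadDocumentDetail) {
            StringBuilder uploadFileName = new StringBuilder(DEFAULT_FOLDER_PATH);
            if (uploadDocumentDetail.getBeneficiaryId() != null) {
                uploadFileName.append(uploadDocumentDetail.getBeneficiaryId()).append(SUFFIX);
            }

            if (uploadDocumentDetail.getDocumentType() != null) {
                uploadFileName.append(uploadDocumentDetail.getDocumentType().getName()).append(SUFFIX);
            }

            // check and create folder
            validateAndCreateFolder(uploadFileName.toString());

            String extension = uploadDocumentDetail.getContentType().getName();
            if (uploadDocumentDetail.getAssesmentId() != null) {
                uploadFileName.append(uploadDocumentDetail.getAssesmentId()).append(".").append(extension);
            } else {
                uploadFileName.append(uploadDocumentDetail.getDefaultFileName()).append(".").append(extension);
            }
            return uploadFileName.toString();
        }

        /**
         * Decodes base64 content into a new temporary file.
         *
         * @param content  base64 text
         * @param fileName prefix for the temporary file name
         * @return the temporary file holding the decoded bytes
         * @throws Exception if the file cannot be created or written
         */
        private static File readBase64File(String content, String fileName) throws Exception {
            File file = File.createTempFile(fileName, ".tmp");
            file.deleteOnExit(); // backstop only; the caller deletes the file after the upload
            try (FileOutputStream out = new FileOutputStream(file)) {
                out.write(Base64.decodeBase64(content));
            } catch (Exception e) {
                // Do not leave a partially written document behind when decoding or writing fails.
                file.delete();
                throw e;
            }
            return file;
        }

        /**
         * Lists the given prefix and, when nothing is found, writes a zero-byte placeholder object
         * under that name.
         *
         * <p>The page's stack trace shows the 403 being raised by this listObjects call. Listing is
         * authorised by s3:ListBucket on the bucket itself, separately from s3:PutObject on object
         * keys, so a principal that may upload can still be denied here.
         *
         * <p>NOTE(review): S3 stores keys, not folders. Objects under a prefix can be written
         * without a placeholder, which would remove the need for list permission on every upload.
         *
         * @param folderName key prefix ending in "/"
         */
        public void validateAndCreateFolder(String folderName) {
            List<S3ObjectSummary> fileList = null;
            try {
                fileList = s3Client.listObjects(bucketName, folderName).getObjectSummaries();
            } catch (AmazonClientException e) {
                // AmazonServiceException is a subclass, so one handler covers both cases. Log
                // through the application logger instead of printStackTrace().
                log.error("listing " + folderName + " failed", e);
            }
            if (fileList == null || fileList.isEmpty()) {
                // create meta-data for the folder and set content-length to 0
                ObjectMetadata metadata = new ObjectMetadata();
                metadata.setContentLength(0);
                // create empty content
                InputStream emptyContent = new ByteArrayInputStream(new byte[0]);
                // create a PutObjectRequest passing the folder name suffixed by /
                PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, folderName, emptyContent, metadata);
                // send the request to S3 to create the folder
                s3Client.putObject(putObjectRequest);
            }
        }

        // The page's listing ends here with the Javadoc of a method that "first deletes files in
        // given folder"; the method itself is not shown.
    }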

I get the following exception when accessing S3 from the EC2 instance.

info  com.medscheme.common.util.amazons3utilservice  - com.amazonaws.services.s3.model.amazons3exception: access denied (service: amazon s3; status code: 403; error code: accessdenied; request id: 926e1213366626b9), s3 extended request id: zqbb4jcalyexhztdsv0gmwxohrqzjuv3m+jluiavjy/sdxw/qonfc8hizfangvcjwewztoqc7/a=     @ com.amazonaws.http.amazonhttpclient.handleerrorresponse(amazonhttpclient.java:1275)     @ com.amazonaws.http.amazonhttpclient.executeonerequest(amazonhttpclient.java:873)     @ com.amazonaws.http.amazonhttpclient.executehelper(amazonhttpclient.java:576)     @ com.amazonaws.http.amazonhttpclient.doexecute(amazonhttpclient.java:362)     @ com.amazonaws.http.amazonhttpclient.executewithtimer(amazonhttpclient.java:328)     @ com.amazonaws.http.amazonhttpclient.execute(amazonhttpclient.java:307)     @ com.amazonaws.services.s3.amazons3client.invoke(amazons3client.java:3649)     @ com.amazonaws.services.s3.amazons3client.invoke(amazons3client.java:3602)     @ com.amazonaws.services.s3.amazons3client.listobjects(amazons3client.java:679)     @ com.amazonaws.services.s3.amazons3client.listobjects(amazons3client.java:664)     @ com.medscheme.common.util.amazons3utilservice.validateandcreatefolder(amazons3utilservice.java:222)     @ com.medscheme.common.util.amazons3utilservice.getuploadfilename(amazons3utilservice.java:200)     @ com.medscheme.common.util.amazons3utilservice.uploaddocument(amazons3utilservice.java:166)     @ com.medscheme.service.impl.reportsserviceimpl.getreport(reportsserviceimpl.java:133)     @ com.medscheme.service.impl.reportsserviceimpl.getreport(reportsserviceimpl.java:1)     @ com.medscheme.controller.reportscontroller.getwellnessreportdetails(reportscontroller.java:69) 

I was able to resolve the issue by using the BasicAWSCredentials class instead of AWSCredentials when creating the Amazon client. The problem is on the EC2 instance. Does anyone know what is going wrong on EC2?

