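I am developing a Java service against MinIO, and I want the service's users to access MinIO resources using the S3 API. To that end, I implemented AssumeRole authorization on a specified prefix: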

    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
            .withRoleArn(endUserRoleArn)
            .withDurationSeconds(14400)
            .withRoleSessionName(UUID.randomUUID().toString())
            .withPolicy(policyService.getRestrictedPolicy(bucket, prefix, restrictionType));
    AssumeRoleResult assumeRoleResult = securityTokenService.assumeRole(assumeRoleRequest);

On the client side, I receive these credentials and try to put an object, which results in "Access Denied".

    public void putObject(Credentials loadingzoneCredentials, String objectKey, InputStream inputStream) {
        AWSCredentials credentials = new BasicSessionCredentials(
                loadingzoneCredentials.getAccessKey(),
                loadingzoneCredentials.getSecretAccessKey(),
                loadingzoneCredentials.getSessionToken());
        AmazonS3 s3client = AmazonS3ClientBuilder.standard()
                .withPathStyleAccessEnabled(true)
                .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
                        loadingzoneCredentials.getUri(),
                        loadingzoneCredentials.getRegion()))
                .withCredentials(new AWSStaticCredentialsProvider(credentials))
                .build();
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.setUserMetadata(Map.of("loadtest", "true"));
        PutObjectResult putObjectResult = s3client.putObject(loadingzoneCredentials.getBucket(), objectKey, inputStream, objectMetadata);
    }

This is all running on my local machine in Docker; the endpoint, region, etc. are configured correctly.

Stack trace:

    com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied. (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 16568362241C22F0; S3 Extended Request ID: 8f0b871f-bf3b-4a50-b2b3-e3b4f5447ae3; Proxy: null), S3 Extended Request ID: 8f0b871f-bf3b-4a50-b2b3-e3b4f5447ae3
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5247)
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5194)
        at com.amazonaws.services.s3.AmazonS3Client.access$300(AmazonS3Client.java:415)
        at com.amazonaws.services.s3.AmazonS3Client$PutObjectStrategy.invokeServiceCall(AmazonS3Client.java:6308)
        at com.amazonaws.services.s3.AmazonS3Client.uploadObject(AmazonS3Client.java:1840)
        at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1800)
        at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1732)