AWS Credentials with No File IO possible

I have an application that runs inside a framework. The framework does not permit FILE IO and throws all kinds of security exceptions killing my application.

I can pass the accessKeyId and secretAccessKey via system properties and they are passed correctly.

The problem I have is that no matter what I do the default in the AWS SDK always tries to get the credentials via File IO first (looking for its ~/.aws/credentials) and thus kills everything.

Is there any way to inhibit that file attempt? Or another way to do this?

I am using AWS Java SDK2. Weirdly SDK1 seems to work OK but is too big as it cannot be broken into modules like SDK2 can be.

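    import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.sqs.SqsClient;

    private SqsClient initialiseClient() {
        // Debug output: confirms both system properties are visible to the application
        System.out.println(System.getProperty("aws.accessKeyId")); // this works
        System.out.println(System.getProperty("aws.secretAccessKey"));  // this works

        // Credentials are read from the aws.accessKeyId / aws.secretAccessKey system properties
        return SqsClient.builder()
                .credentialsProvider(SystemPropertyCredentialsProvider.create())
                .region(Region.EU_WEST_1)
                .build();
    }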

Stack Trace:

    Exception in thread "Thread-28" java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\Users\username\.aws\credentials" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at sun.nio.fs.WindowsPath.checkRead(WindowsPath.java:792)
    at sun.nio.fs.WindowsFileAttributeViews$Basic.readAttributes(WindowsFileAttributeViews.java:49)
    at sun.nio.fs.WindowsFileAttributeViews$Basic.readAttributes(WindowsFileAttributeViews.java:38)
    at sun.nio.fs.WindowsFileSystemProvider.readAttributes(WindowsFileSystemProvider.java:193)
    at java.nio.file.Files.readAttributes(Files.java:1737)
    at java.nio.file.Files.isRegularFile(Files.java:2229)
    at software.amazon.awssdk.profiles.ProfileFileLocation.lambda$resolveIfExists$1(ProfileFileLocation.java:128)
    at java.util.Optional.filter(Optional.java:178)
    at software.amazon.awssdk.profiles.ProfileFileLocation.resolveIfExists(ProfileFileLocation.java:128)
    at software.amazon.awssdk.profiles.ProfileFileLocation.credentialsFileLocation(ProfileFileLocation.java:78)
    at software.amazon.awssdk.profiles.ProfileFile.addCredentialsFile(ProfileFile.java:138)
    at software.amazon.awssdk.utils.builder.SdkBuilder.applyMutation(SdkBuilder.java:61)
    at software.amazon.awssdk.profiles.ProfileFile.defaultProfileFile(ProfileFile.java:90)
    at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.mergeGlobalDefaults(SdkDefaultClientBuilder.java:196)
    at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.syncClientConfiguration(SdkDefaultClientBuilder.java:149)
    at software.amazon.awssdk.services.sqs.DefaultSqsClientBuilder.buildClient(DefaultSqsClientBuilder.java:27)
    at software.amazon.awssdk.services.sqs.DefaultSqsClientBuilder.buildClient(DefaultSqsClientBuilder.java:22)
    at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.build(SdkDefaultClientBuilder.java:124)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.lambda$initialiseClient$0(QMessageHandlerV2.java:66)
    at java.security.AccessController.doPrivileged(Native Method)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.initialiseClient(QMessageHandlerV2.java:63)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.connect(QMessageHandlerV2.java:52)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.<init>(QMessageHandlerV2.java:47)
    at net.something.fdDataExchange.MessageHandler.receiveDirectMsg(MessageHandler.java:28)
    at net.something.fdDataExchange.commandProcessors.QCommandProcessor.run(QCommandProcessor.java:19)
    at java.lang.Thread.run(Thread.java:748)

You can try to implement a custom provider instead of using the system credential provider. Here is a small example to connect to S3 but it holds for any service for AWS. And here is the link for your reference: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

    BasicAWSCredentials awsCreds = new BasicAWSCredentials("access_key_id", "secret_key_id");
    AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                            .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                            .build();

For SDK2 maybe this should work:

To explicitly supply credentials to an AWS client

Instantiate a class that provides the AwsCredentials interface, such as AwsSessionCredentials. Supply it with the AWS access key and secret key to use for the connection.

Create a StaticCredentialsProvider with the AwsCredentials object.

Configure the client builder with the StaticCredentialsProvider and build the client.

The following example creates a new service client that uses credentials that you supplied:

    AwsSessionCredentials awsCreds = AwsSessionCredentials.create(
        "your_access_key_id_here",
        "your_secret_key_id_here",
        "your_session_token_here");

    S3Client s32 = S3Client.builder()
                           .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
                           .build();

Source: https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html

Hope it helps!
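Added example, not part of the original question or answer: in the stack trace above the denied read is reached through `ProfileFile.defaultProfileFile()` during `SdkDefaultClientBuilder.mergeGlobalDefaults`, so this sketch supplies both static credentials from the question's system properties and an empty in-memory profile file for the client's profile-based defaults. The class name `NoFileIoSqsClientFactory` is hypothetical, and it is an assumption that the SDK 2.x version in use provides `ClientOverrideConfiguration.Builder.defaultProfileFile` and consults it instead of the files under `~/.aws`.

```java
import java.io.ByteArrayInputStream;

import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sqs.SqsClient;

// Added example (hypothetical class name); not code from the question or the answer.
public final class NoFileIoSqsClientFactory {

    private NoFileIoSqsClientFactory() { }

    public static SqsClient create() {
        // Same system properties the question passes in. Fail fast if one is
        // missing, and never write the secret to stdout or a log.
        String accessKeyId = requireProperty("aws.accessKeyId");
        String secretAccessKey = requireProperty("aws.secretAccessKey");

        // Empty profile file built from memory, so profile-based defaults
        // have a source that does not live on disk.
        ProfileFile emptyProfile = ProfileFile.builder()
                .content(new ByteArrayInputStream(new byte[0]))
                .type(ProfileFile.Type.CONFIGURATION)
                .build();

        return SqsClient.builder()
                // Long-term key pair without a session token: AwsBasicCredentials.
                .credentialsProvider(StaticCredentialsProvider.create(
                        AwsBasicCredentials.create(accessKeyId, secretAccessKey)))
                // Explicit region, so no region lookup chain is needed.
                .region(Region.EU_WEST_1)
                // Assumption: this SDK version uses the override instead of ~/.aws files.
                .overrideConfiguration(ClientOverrideConfiguration.builder()
                        .defaultProfileFile(emptyProfile)
                        .build())
                .build();
    }

    private static String requireProperty(String name) {
        String value = System.getProperty(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing system property: " + name);
        }
        return value;
    }
}
```

If an `AccessControlException` still appears after this change, the top SDK frames of the new stack trace show which remaining lookup is touching the file system.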
