Loading AWS credentials from a Java servlet on a Lotus Domino server on Linux

Question

I have this scenario: I created a Java servlet to be executed in a Lotus Domino server (just in case, the servlet is OUTSIDE from any database. It's in the folder <domino data>/domino/servlet/my_servlet.class ). The servlet access a S3 server using a credentials file.

When I developed the servlet, I did my tests on a Windows server, and everything worked like a charm. But, when I did the same tests on a Linux server using the same credentials and the same servlet, it did not work.

The exception occured here:

    AWSCredentials credentials = null;
    try {
        credentials = new ProfileCredentialsProvider().getCredentials();
    } catch (Exception e) {
        throw new AmazonClientException(
                "Cannot load the credentials from the credential profiles file. " +
                "Please make sure that your credentials file is at the correct " +
                "location (~/.aws/credentials), and is in valid format.",
                e);
    }

Considering that the domino server is executed with the user notes , I put the credentials in notes/.aws/credentials . Nothing. I put it in the ec2-user/.aws/credentials (it's a EC2 server). Nothing again. Same exception.

About the Domino server, it's executed using a user notes . The .aws folder and the credentials file owner is notes . The permissions in the credentials file is 600. The servlet owner is notes too.

Do you have any idea about how can I resolve this?

TIA,

EDIT: I added this lines in the servlet:

res.setContentType("text/html");        
PrintWriter toBrowser = res.getWriter();        
//etc.
toBrowser.println("HOME: " + System.getProperty("user.home")); 

I got this:

HOME: /home/notes 

I checked this folder again and the credentials are still there.

[root@ip-xxx-xxx-xxx-xxx notes]# ls -l /home/notes/.aws
total 4
-rw------- 1 notes notes 117 Nov 28 03:50 credentials
[root@ip-xxx-xxx-xxx-xxx notes]#

EDIT 2: I added this lines too:

File f = new File(System.getProperty("user.home") + "/.aws/credentials");

if(f.exists()){
    toBrowser.println("Credentials exists" + "<BR/>"); 
}else{
    toBrowser.println("Credentials DOES NOT exist" + "<BR/>"); 
}

And I got this:

Credentials exists

Therefore, the servlet has the right permissions to find the credentials file.

I'm stuck on this...

Answer 1

Well, the problem was that the servlet had no access to the environment variables

That's because there's a bug in the Lotus Domino server since the version 8.5. The solution was modify the java.policy file at $JAVA_HOME/lib/security adding this line:

grant {
    [...]
    permission java.security.AllPermission;
    [...]
}

Everything works again.

Answer 2

Actually if you place your credentials in ~/.aws/credentials like you have done, then you can call your Amazon AWS SDK client constructor without any parameters. For example:

AmazonSNSAsyncClient snsClient = new AmazonSNSAsyncClient();

But if the servlet has no access to the environment variables then the AWS SDK probably doesn't have access too. However the file loading code would not be needed.

See http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/credentials.html for more info.