S3 object url is not secure(ssl) when opened in browser

问题

I am building a small REST API service to store and retrieve photos. For that, I am using S3 as following:

public String upload(InputStream uploadedInputStream,
                     Map<String, String> metadata, String group, String filename) {
    TransferManager tm = TransferManagerBuilder.standard()
            .withS3Client(amazonS3)
            .build();
    ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setContentType(metadata.get(Configuration.CONTENT_TYPE_METADATA_KEY));
    // TODO: 26/06/20 Add content-type to metadata
    String filepath = group + "/" + filename;
    s3transferManager.upload(new PutObjectRequest(
            configuration.getProperty("aws.s3.bucket"),
            filepath,
            uploadedInputStream,
            objectMetadata)).waitForUploadResult();
    return amazonS3.getUrl(configuration.getProperty("aws.s3.bucket"), filepath).toString();
}

url returned by the function looks like https://photos.tarkshala.com.s3.ap-south-1.amazonaws.com/default-group/1593911534320%230. When accessed it shows up like this

When I open it using the object url(https://s3.ap-south-1.amazonaws.com/photos.tarkshala.com/default-group/1593911534320%230) given in AWS S3 console it shows up fine.

Why getUrl method not returning the second url or is there a way to get second method/api that does it?

回答1:

This is because of recent changes by AWS regarding s3.

When using virtual hosted–style buckets with SSL, the SSL wild-card certificate only matches buckets that do not contain dots ("."). To work around this, use HTTP or write your own certificate verification logic. For more information, see Amazon S3 Path Deprecation Plan.

amazon-s3-path-deprecation-plan-the-rest-of-the-story

Create a bucket without a dot or use the path style URL or you check VirtualHostingCustomURLs.

S3 support two types of URL to access Object.

Virtual hosted style access

https://bucket-name.s3.Region.amazonaws.com/key name

Path-Style Requests

https://s3.Region.amazonaws.com/bucket-name/key name

Important

Buckets created after September 30, 2020, will support only virtual hosted-style requests. Path-style requests will continue to be supported for buckets created on or before this date. For more information, see Amazon S3 Path Deprecation Plan – The Rest of the Story.

S3 VirtualHosting

来源：https://stackoverflow.com/questions/62736506/s3-object-url-is-not-securessl-when-opened-in-browser

标签

java

amazon-web-services

ssl

amazon-s3

https