S3 object url is not secure(ssl) when opened in browser

五迷三道 submitted on 2021-02-10 09:28:55

Question


I am building a small REST API service to store and retrieve photos. For that, I am using S3 as follows:

public String upload(InputStream uploadedInputStream,
                     Map<String, String> metadata, String group, String filename) {
    TransferManager tm = TransferManagerBuilder.standard()
            .withS3Client(amazonS3)
            .build();
    ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setContentType(metadata.get(Configuration.CONTENT_TYPE_METADATA_KEY));
    // TODO: 26/06/20 Add content-type to metadata
    String filepath = group + "/" + filename;
    s3transferManager.upload(new PutObjectRequest(
            configuration.getProperty("aws.s3.bucket"),
            filepath,
            uploadedInputStream,
            objectMetadata)).waitForUploadResult();
    return amazonS3.getUrl(configuration.getProperty("aws.s3.bucket"), filepath).toString();
}

The URL returned by the function looks like https://photos.tarkshala.com.s3.ap-south-1.amazonaws.com/default-group/1593911534320%230. When accessed, it shows up like this

When I open it using the object URL (https://s3.ap-south-1.amazonaws.com/photos.tarkshala.com/default-group/1593911534320%230) given in the AWS S3 console, it shows up fine.

Why is the getUrl method not returning the second URL, or is there a way to get a second method/API that does it?


Answer 1:


This is because of recent changes by AWS regarding S3.

When using virtual hosted–style buckets with SSL, the SSL wild-card certificate only matches buckets that do not contain dots ("."). To work around this, use HTTP or write your own certificate verification logic. For more information, see Amazon S3 Path Deprecation Plan.

amazon-s3-path-deprecation-plan-the-rest-of-the-story

Create a bucket without a dot, use the path-style URL, or check VirtualHostingCustomURLs.

S3 supports two types of URL to access an object.

  • Virtual hosted-style access
    https://bucket-name.s3.Region.amazonaws.com/key name
  • Path-style requests
    https://s3.Region.amazonaws.com/bucket-name/key name

Important

Buckets created after September 30, 2020, will support only virtual hosted-style requests. Path-style requests will continue to be supported for buckets created on or before this date. For more information, see Amazon S3 Path Deprecation Plan – The Rest of the Story.

S3 VirtualHosting
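
The certificate rule from the answer, as an added Java example that is not part of the original post or of the AWS SDK: a wildcard covers exactly one DNS label, so a dotted bucket name falls outside it and the path-style URL is chosen instead. The wildcard pattern `*.s3.<region>.amazonaws.com`, the class and method names, and the second bucket name are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class S3UrlStyle {

    // RFC 6125 rule: "*" as the left-most label stands for exactly one DNS label,
    // so it can never absorb a dot inside the bucket name.
    static boolean wildcardMatches(String pattern, String host) {
        if (!pattern.startsWith("*.")) {
            return pattern.equalsIgnoreCase(host);
        }
        int firstDot = host.indexOf('.');
        return firstDot > 0
                && host.substring(firstDot).equalsIgnoreCase(pattern.substring(1));
    }

    static String virtualHost(String bucket, String region) {
        return bucket + ".s3." + region + ".amazonaws.com";
    }

    // Virtual-hosted style only when the (assumed) regional wildcard certificate
    // covers the resulting host name; otherwise path style, whose host is the
    // bare regional endpoint and therefore always matches the certificate.
    static URI objectUrl(String bucket, String region, String key) throws URISyntaxException {
        String endpoint = "s3." + region + ".amazonaws.com";
        String vhost = virtualHost(bucket, region);
        if (wildcardMatches("*." + endpoint, vhost)) {
            return new URI("https", vhost, "/" + key, null);
        }
        return new URI("https", endpoint, "/" + bucket + "/" + key, null);
    }

    public static void main(String[] args) throws URISyntaxException {
        String region = "ap-south-1";                 // region from the question
        String key = "default-group/1593911534320#0"; // key decoded from the question's URL
        String dotted = "photos.tarkshala.com";       // bucket from the question
        String dotless = "photos-tarkshala";          // constructed dot-free bucket name

        for (String bucket : new String[] {dotted, dotless}) {
            String vhost = virtualHost(bucket, region);
            boolean covered = wildcardMatches("*.s3." + region + ".amazonaws.com", vhost);
            System.out.println(vhost + " covered by wildcard: " + covered);
            // The URI constructor percent-encodes '#' in the key as %23.
            System.out.println("  use: " + objectUrl(bucket, region, key));
        }
    }
}
```

In the AWS SDK for Java v1 that the question uses, `AmazonS3ClientBuilder.standard().withPathStyleAccessEnabled(true)` switches the client to path-style addressing.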



Source: https://stackoverflow.com/questions/62736506/s3-object-url-is-not-securessl-when-opened-in-browser
