AWSCredentials does not have a constructor with session parameter

289 views
Skip to first unread message

Roadrunner

unread,
Feb 12, 2012, 5:50:21 AM2/12/12
to JetS3t Users
hello, new here..

i'm trying to receive credentials from a tvm(Token vending machine)..
the problem is, as i think, that amazon requires a session key for
federated users.

the aws sdk provides this constructor
http://docs.amazonwebservices.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/BasicSessionCredentials.html
which takes a session token.


here is a code i wrote and tried :

//get Credentials from Token Machine
clientManager = new AmazonClientManager( prefs );
Response response = clientManager.validateCredentials();
if ( response != null && response.requestWasSuccessful() ) {

//test with original SDK
com.amazonaws.auth.AWSCredentials credentials =
AmazonSharedPreferencesWrapper.getCredentialsFromSharedPreferences( prefs );
AmazonS3Client s3Client = new
AmazonS3Client(credentials);
s3Client.createBucket("testbbds343489478445443");

// original SDK end. --> ***works***

//test with JetS3t
String AWSAccessKey =
credentials.getAWSAccessKeyId();
String AWSSecretKey =
credentials.getAWSSecretKey();

// insert credentials and upload file
String accessKey = prefs.getString("AWS_ACCESS_KEY",
null);
String secretKey = prefs.getString("AWS_SECRET_KEY",
null);
AWSCredentials awsCredentials = new
AWSCredentials(accessKey, secretKey); // JetS3t AWSCredentials
try {
s3Service = new RestS3Service(awsCredentials);
S3Bucket s3Bucket = s3Service.createBucket("vasdfkvnalkjv434524");

}
//JetS3t end --> ResponseCode: 403, ResponseStatus:
Forbidden, XML Error Message: <?xml version="1.0" encoding="UTF-8"?
><Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key
Id you provided does not exist in our records.</Message>

as you can see both use the same access key and secret key.
the difference is that com.amazonaws.auth.AWSCredentials has a session
token.

is there a way around this problem?
because i'd rather use the jets3t toolkit

James Murty

unread,
Feb 14, 2012, 2:10:13 AM2/14/12
to jets3t...@googlegroups.com
Hi,

JetS3t did not have explicit support for temporary/session-based AWS
accounts. I have now added this support via the new
AWSSessionCredentials class, see the changeset here:
https://bitbucket.org/jmurty/jets3t/changeset/7a4f742d991d

If you are able to check out the latest version of the JetS3 code and
try out this new credential type that would be great.


If you are not able to use the latest code, you can work around the
lack of explicit support by using the existing AWSDevPayCredentials
class, since the session-based accounts use the same
"x-amz-security-token" HTTP header as the supported DevPay mechanism.
Construct an AWSDevPayCredentials instance setting the access key and
secret key as usual, set the user token value to your session key, and
leave the product token as null. This should result in JetS3t sending
your session token value with all requests, as required when using
this authentication mechanism.

Hope this helps,
James

> --
> You received this message because you are subscribed to the Google Groups "JetS3t Users" group.
> To post to this group, send email to jets3t...@googlegroups.com.
> To unsubscribe from this group, send email to jets3t-users...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/jets3t-users?hl=en.
>

Roadrunner

unread,
Mar 4, 2012, 1:51:16 PM3/4/12
to JetS3t Users
Thank you,
sorry for the late response.

I will be more than happy to try the latest version with the new
AWSSessionCredentials, but i don't know to do it.
i only know how to add an external lib to the build path(using
eclipse), don't know how to overwrite/change the classes within...

so, for now i'll have to use the DevPay option

thanks again:)

On Feb 14, 9:10 am, James Murty <jamu...@gmail.com> wrote:
> Hi,
>
> JetS3t did not have explicit support for temporary/session-based AWS
> accounts. I have now added this support via the new
> AWSSessionCredentials class, see the changeset here:https://bitbucket.org/jmurty/jets3t/changeset/7a4f742d991d
>
> If you are able to check out the latest version of the JetS3 code and
> try out this new credential type that would be great.
>
> If you are not able to use the latest code, you can work around the
> lack of explicit support by using the existing AWSDevPayCredentials
> class, since the session-based accounts use the same
> "x-amz-security-token" HTTP header as the supported DevPay mechanism.
> Construct an AWSDevPayCredentials instance setting the access key and
> secret key as usual, set the user token value to your session key, and
> leave the product token as null. This should result in JetS3t sending
> your session token value with all requests, as required when using
> this authentication mechanism.
>
> Hope this helps,
> James
>
>
>
>
>
>
>
> On Sun, Feb 12, 2012 at 9:50 PM, Roadrunner <alon1...@gmail.com> wrote:
> > hello, new here..
>
> > i'm trying to receive credentials from a tvm(Token vending machine)..
> > the problem is, as i think, that amazon requires a session key for
> > federated users.
>
> > the aws sdk provides this constructor
> >http://docs.amazonwebservices.com/AWSJavaSDK/latest/javadoc/com/amazo...

James Murty

unread,
Mar 5, 2012, 5:01:42 PM3/5/12
to jets3t...@googlegroups.com
There are some build instructions on the JetS3t BitBucket wiki that
may help you obtain and build the latest code:
https://bitbucket.org/jmurty/jets3t/wiki/Build_Instructions

But if not, hopefully the workaround will suffice.

Reply all
Reply to author
Forward
0 new messages