MinIO returns "Access Denied" even though the request uses a valid token; why does MinIO ignore the STS token?

fnvucqvd posted on 2021-06-29 in Java


I am developing a Java service that works against MinIO, and I want the service's users to access MinIO resources through the S3 API. For that I implemented AssumeRole authorization scoped to a given prefix:

// Ask STS for temporary credentials, restricted by a session policy
// that only covers the given bucket/prefix.
AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
        .withRoleArn(endUserRoleArn)
        .withDurationSeconds(14400)
        .withRoleSessionName(UUID.randomUUID().toString())
        .withPolicy(policyService.getRestrictedPolicy(bucket, prefix, restrictionType));

AssumeRoleResult assumeRoleResult = securityTokenService.assumeRole(assumeRoleRequest);

On the client side I receive these credentials and try to put an object, which results in "Access Denied".

public void putObject(Credentials loadingzoneCredentials, String objectKey, InputStream inputStream) {
    // Temporary credentials from AssumeRole: access key, secret key and session token.
    AWSCredentials credentials = new BasicSessionCredentials(
            loadingzoneCredentials.getAccessKey(),
            loadingzoneCredentials.getSecretAccessKey(),
            loadingzoneCredentials.getSessionToken());

    // S3 client pointed at the MinIO endpoint; path-style addressing is required for MinIO.
    AmazonS3 s3client = AmazonS3ClientBuilder.standard()
            .withPathStyleAccessEnabled(true)
            .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
                    loadingzoneCredentials.getUri(),
                    loadingzoneCredentials.getRegion()))
            .withCredentials(new AWSStaticCredentialsProvider(credentials))
            .build();

    ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setUserMetadata(Map.of("loadtest", "true"));
    PutObjectResult putObjectResult = s3client.putObject(loadingzoneCredentials.getBucket(), objectKey, inputStream, objectMetadata);
}


All of this runs on my local machine; the endpoint, region, etc. are configured correctly in Docker.

Stack trace:

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied. (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 16568362241C22F0; S3 Extended Request ID: 8f0b871f-bf3b-4a50-b2b3-e3b4f5447ae3; Proxy: null)
, S3 Extended Request ID: 8f0b871f-bf3b-4a50-b2b3-e3b4f5447ae3
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5247)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5194)
    at com.amazonaws.services.s3.AmazonS3Client.access$300(AmazonS3Client.java:415)
    at com.amazonaws.services.s3.AmazonS3Client$PutObjectStrategy.invokeServiceCall(AmazonS3Client.java:6308)
    at com.amazonaws.services.s3.AmazonS3Client.uploadObject(AmazonS3Client.java:1840)
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1800)
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1732)
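Two things worth checking when an STS-backed PutObject to MinIO comes back 403 are whether the session token actually reached the server and whether the session policy covers the exact action and resource. The snippet below is an added example, not the asker's code: it wraps the same client setup with a RequestHandler2 that, on a failed call, reports whether the `X-Amz-Security-Token` header was on the signed request, and shows a minimal session policy for PutObject under one prefix (the bucket and prefix names are placeholders). MinIO intersects such a session policy with the permissions of the user that calls AssumeRole, so the policy must not exceed what that user already holds.

```java
import com.amazonaws.Request;
import com.amazonaws.Response;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.handlers.RequestHandler2;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;

public class StsPutDiagnostic {

    // Minimal session policy: only s3:PutObject under one prefix.
    // bucket and prefix are placeholders supplied by the caller.
    static String restrictedPutPolicy(String bucket, String prefix) {
        return "{\"Version\":\"2012-10-17\",\"Statement\":[{"
             + "\"Effect\":\"Allow\",\"Action\":[\"s3:PutObject\"],"
             + "\"Resource\":[\"arn:aws:s3:::" + bucket + "/" + prefix + "/*\"]}]}";
    }

    // Runs after a failed call. By then the SigV4 signer has added the
    // X-Amz-Security-Token header (if session credentials were used), so a 403
    // can be split into "token never sent" and "token sent, policy denied it".
    static RequestHandler2 explainAccessDenied() {
        return new RequestHandler2() {
            @Override
            public void afterError(Request<?> request, Response<?> response, Exception e) {
                boolean tokenSent = request.getHeaders().containsKey("X-Amz-Security-Token");
                System.err.printf("%s %s failed: %s; session token on request: %b%n",
                        request.getHttpMethod(), request.getResourcePath(),
                        e.getMessage(), tokenSent);
            }
        };
    }

    // Same client setup as in the question, plus the diagnostic handler.
    static AmazonS3 client(String endpoint, String region,
                           String accessKey, String secretKey, String sessionToken) {
        return AmazonS3ClientBuilder.standard()
                .withPathStyleAccessEnabled(true)
                .withEndpointConfiguration(
                        new AwsClientBuilder.EndpointConfiguration(endpoint, region))
                .withCredentials(new AWSStaticCredentialsProvider(
                        new BasicSessionCredentials(accessKey, secretKey, sessionToken)))
                .withRequestHandlers(explainAccessDenied())
                .build();
    }
}
```

If the handler reports the token as present and the server still denies the request, the cause is on the policy side (session policy or the calling user's policy) rather than in how the credentials are attached.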
