6

Using Java8 and aws-java-sdk 1.10.43 I'm trying to get a Pre-Signed URL to an S3 file. I do get back a link, but browsing to it lead to this error:

authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256

To emphasize, I wish to generate a URL that can be sent via email and opened in a browser, not to use Java code to read from that URL.

I'm using the bellow code, and I believe to find out that I need to somehow set setSSEAlgorithm to use "v4", however I've failed to make it work. What am I missing? What should I configure (note: I'm avoiding configuration file on purpose, I wish the code to set all attributes from environment variables)

Date expiration = <some date>;
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, targetPath);
generatePresignedUrlRequest.setMethod(HttpMethod.GET);
generatePresignedUrlRequest.setExpiration(expiration);

AmazonS3 s3client = new AmazonS3Client(s3Credentials);
URL s = s3client.generatePresignedUrl(generatePresignedUrlRequest);

The bucket is at eu-central-1

Thank you

user2339344
  • 951
  • 2
  • 12
  • 22
  • The solution proposed there didn't help - setting the property still generated to the same outcome. To clerify: I'm able to generate a URL that seems as a presigned URL, however pasting that URL in a browser leads to the error message. I'm not trying to read the content using my Java code, but I wish to generate a URL to be pasted within a browser (e.g. send via email) – user2339344 Dec 28 '15 at 08:55
  • Generating pre-signed URLs is done without interacting with the actual S3 service, so it makes sense that your code "works" to that point and the error occurs when the URL is used. Does the signed URL you're generating include `Signature=`?... or is it `x-amz-signature=`? – Michael - sqlbot Dec 28 '15 at 10:10
  • Signature=. here is an example of the URL I receive: https://?AWSAccessKeyId=&Expires=1451297351&Signature=1kD1IQfn2gfmJ%2Fa2Wp2ZORVte0Y%3D – user2339344 Dec 28 '15 at 10:18
  • That is definitely a Signature Version 2 URL, so your code is not enabling V4 signing as indicated in the linked question, with one possible for explanation being that your version of SDK is too old to support it. – Michael - sqlbot Dec 28 '15 at 10:26
  • Setting SDK property nor end point helped me. I solved it by adding config property in the s3client. for ex: new AmazonS3Client( new ClientConfiguration().withSignerOverride("AWSS3V4SignerType")) – Arshed Aug 30 '16 at 06:10

1 Answers1

7

Using some help I've found the answer, which was a combination of 2 missing pieces (one of which was referred to in the comments):

  1. Need to set this:

    System.setProperty(SDKGlobalConfiguration.ENABLE_S3_SIGV4_SYSTEM_PROPERTY, "true");

  2. Must set the "endPoint" (which was not required for upload or download):

    s3Client.setEndpoint(endpoint);

Optionally it might be useful to also add this:

s3Client.setS3ClientOptions(new S3ClientOptions().withPathStyleAccess(true));
user2339344
  • 951
  • 2
  • 12
  • 22
  • This works...I only executed the `2` point. – Tirath Feb 09 '17 at 05:33
  • 1
    what value of **endpoint**? @Tirath – Mahmoud Mabrok Nov 23 '20 at 10:49
  • @MahmoudMabrok , as per [AWS service endpoints - AWS General Reference](https://docs.aws.amazon.com/general/latest/gr/rande.html), _an endpoint is the URL of the entry point for an AWS web service_, so you should use the endpoint of services you are using. – li ki Oct 11 '22 at 14:36