AWS credentials without file IO

Question  Votes: 1  Answers: 1

I have an application that runs inside a framework. The framework does not allow file IO and throws assorted security exceptions that kill my application.

I can pass accessKeyId and secretAccessKey via system properties, and they come through correctly.

My problem is that no matter what I do, the defaults in the AWS SDK always try to obtain credentials via file IO first (looking for its ~/.aws/credentials), which kills everything.

Is there any way to suppress that file attempt? Or another way?

I am using the AWS Java SDK 2. Oddly, SDK 1 seems to work fine, but it is far too big because it cannot be split into modules the way SDK 2 can.

    import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.sqs.SqsClient;

    private SqsClient initialiseClient() {
        // debug output only: avoid printing the secret key in a real deployment
        System.out.println(System.getProperty("aws.accessKeyId")); // this works
        System.out.println(System.getProperty("aws.secretAccessKey"));  // this works

        return SqsClient.builder()
                .credentialsProvider(SystemPropertyCredentialsProvider.create())
                .region(Region.EU_WEST_1)
                .build();
    }

Stack trace:

    Exception in thread "Thread-28" java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\Users\username\.aws\credentials" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at sun.nio.fs.WindowsPath.checkRead(WindowsPath.java:792)
    at sun.nio.fs.WindowsFileAttributeViews$Basic.readAttributes(WindowsFileAttributeViews.java:49)
    at sun.nio.fs.WindowsFileAttributeViews$Basic.readAttributes(WindowsFileAttributeViews.java:38)
    at sun.nio.fs.WindowsFileSystemProvider.readAttributes(WindowsFileSystemProvider.java:193)
    at java.nio.file.Files.readAttributes(Files.java:1737)
    at java.nio.file.Files.isRegularFile(Files.java:2229)
    at software.amazon.awssdk.profiles.ProfileFileLocation.lambda$resolveIfExists$1(ProfileFileLocation.java:128)
    at java.util.Optional.filter(Optional.java:178)
    at software.amazon.awssdk.profiles.ProfileFileLocation.resolveIfExists(ProfileFileLocation.java:128)
    at software.amazon.awssdk.profiles.ProfileFileLocation.credentialsFileLocation(ProfileFileLocation.java:78)
    at software.amazon.awssdk.profiles.ProfileFile.addCredentialsFile(ProfileFile.java:138)
    at software.amazon.awssdk.utils.builder.SdkBuilder.applyMutation(SdkBuilder.java:61)
    at software.amazon.awssdk.profiles.ProfileFile.defaultProfileFile(ProfileFile.java:90)
    at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.mergeGlobalDefaults(SdkDefaultClientBuilder.java:196)
    at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.syncClientConfiguration(SdkDefaultClientBuilder.java:149)
    at software.amazon.awssdk.services.sqs.DefaultSqsClientBuilder.buildClient(DefaultSqsClientBuilder.java:27)
    at software.amazon.awssdk.services.sqs.DefaultSqsClientBuilder.buildClient(DefaultSqsClientBuilder.java:22)
    at software.amazon.awssdk.core.client.builder.SdkDefaultClientBuilder.build(SdkDefaultClientBuilder.java:124)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.lambda$initialiseClient$0(QMessageHandlerV2.java:66)
    at java.security.AccessController.doPrivileged(Native Method)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.initialiseClient(QMessageHandlerV2.java:63)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.connect(QMessageHandlerV2.java:52)
    at net.something.fdDataExchange.messageHandlers.QMessageHandlerV2.<init>(QMessageHandlerV2.java:47)
    at net.something.fdDataExchange.MessageHandler.receiveDirectMsg(MessageHandler.java:28)
    at net.something.fdDataExchange.commandProcessors.QCommandProcessor.run(QCommandProcessor.java:19)
    at java.lang.Thread.run(Thread.java:748)
java amazon-web-services amazon-sqs aws-java-sdk-2.x
1 answer

1 vote

You could try implementing a custom provider instead of using the system credentials provider. Here is a small example that connects to S3, but it works for any AWS service. Here is the link for reference: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

    import com.amazonaws.auth.AWSStaticCredentialsProvider;
    import com.amazonaws.auth.BasicAWSCredentials;
    import com.amazonaws.services.s3.AmazonS3;
    import com.amazonaws.services.s3.AmazonS3ClientBuilder;
    BasicAWSCredentials awsCreds = new BasicAWSCredentials("access_key_id", "secret_key_id");
    AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                            .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                            .build();

For SDK 2, this should presumably work:

Explicitly providing credentials to an AWS client

Instantiate a class that provides the AwsCredentials interface, such as AwsSessionCredentials. Supply it with the AWS access key and secret key to use for the connection.

Create a StaticCredentialsProvider using the AwsCredentials object.

Configure the client builder with the StaticCredentialsProvider and build the client.

The following example creates a new service client that uses the credentials you provide:

    import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
    import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
    import software.amazon.awssdk.services.s3.S3Client;

    AwsSessionCredentials awsCreds = AwsSessionCredentials.create(
        "your_access_key_id_here",
        "your_secret_key_id_here",
        "your_session_token_here");

    S3Client s32 = S3Client.builder()
                           .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
                           .build();

Source: https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html

Hope this helps!
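An added example that goes a step beyond the answer's snippet (it is not code from the question, the answer, or the AWS SDK): it builds the asker's SqsClient from the system properties they already pass and also hands the client builder an in-memory profile file, so the client-construction step shown in the stack trace has nothing to look up on disk. It assumes an SDK 2.x release whose ClientOverrideConfiguration.Builder offers defaultProfileFile(ProfileFile) (check your SDK version's javadoc); NoFileIoSqsClientFactory and its helper methods are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sqs.SqsClient;

/**
 * Added example (hypothetical class name): SqsClient built from the
 * aws.accessKeyId / aws.secretAccessKey system properties plus an in-memory
 * profile file, so client construction never probes ~/.aws. Assumes an SDK 2.x
 * release whose ClientOverrideConfiguration.Builder has defaultProfileFile().
 */
public final class NoFileIoSqsClientFactory {
    /** Static credentials from system properties; fails fast if either is missing. */
    static AwsCredentialsProvider credentialsFromSystemProperties() {
        return StaticCredentialsProvider.create(AwsBasicCredentials.create(
                requireProperty("aws.accessKeyId"),
                requireProperty("aws.secretAccessKey")));
    }

    private static String requireProperty(String name) {
        String value = System.getProperty(name);
        if (value == null || value.isEmpty()) {
            // Report the property name only, so a secret never ends up in a log line.
            throw new IllegalStateException("missing system property: " + name);
        }
        return value;
    }

    /** Empty in-memory profile file: nothing to resolve, so nothing to read from disk. */
    static ProfileFile emptyProfileFile() {
        return ProfileFile.builder()
                .content(new ByteArrayInputStream(new byte[0]))
                .type(ProfileFile.Type.CONFIGURATION)
                .build();
    }

    public static SqsClient create(Region region) {
        return SqsClient.builder()
                .credentialsProvider(credentialsFromSystemProperties())
                .region(region) // explicit region: no lookup in ~/.aws/config either
                .overrideConfiguration(ClientOverrideConfiguration.builder()
                        .defaultProfileFile(emptyProfileFile())
                        .build())
                .build();
    }
}
```

Keep in mind that values passed with -D are readable by every class in the JVM through System.getProperties(), so this only moves the secret out of the file system, not out of the process.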
