AWS S3 - 如何为Android获取正确的凭据?

时间:2016-11-09 23:07:25

标签: android amazon-web-services amazon-s3 amazon credentials

我正在制作一个带有S3的Android应用程序,以便用户可以将内容上传到S3服务器。对于AWS令牌,我们使用自己的服务器来获取以下内容。

AwsToken.java是以下json的POJO。

{
  "id": "us-east-1:xxxxx",
  "token": "xxxxx",
  "region": "us-east-1",
  "identityPoolId": "us-east-1:xxxxx",
  "loginProvider": "xxxxx"
}

然后我尝试使用它创建identityProvider和credentialsProvider来获取AmazonS3Client和TransferUtility。

KOIAWSAuthenticatedIdentityProvider identityProvider = new KOIAWSAuthenticatedIdentityProvider(awsToken);

CognitoCachingCredentialsProvider cognitoCachingCredentialsProvider = new CognitoCachingCredentialsProvider(
    getApplicationContext(), // Context
    identityProvider,
    Regions.US_EAST_1 // Region
);

AmazonS3Client sS3Client = new AmazonS3Client(cognitoCachingCredentialsProvider);
TransferUtility transferUtility = new TransferUtility(sS3Client, getApplicationContext());

KOIAWSAuthenticatedIdentityProvider.java 

package com.krossover.network.aws;

import com.amazonaws.auth.AWSCognitoIdentityProvider;
import com.amazonaws.auth.IdentityChangedListener;
import com.krossover.network.models.AWSToken;

import java.util.Map;

/**
 * Created by paulshin on 9/26/16.
 */
public class KOIAWSAuthenticatedIdentityProvider implements AWSCognitoIdentityProvider {
    private AWSToken awsToken;

    public KOIAWSAuthenticatedIdentityProvider(AWSToken awsToken) {
        this.awsToken = awsToken;
    }

    @Override
    public String getIdentityId() {
        return awsToken.id;
    }

    @Override
    public String getIdentityPoolId() {
        return awsToken.identityPoolId;
    }

    @Override
    public void setLogins(Map<String, String> loginsMap) {

    }

    @Override
    public Map<String, String> getLogins() {
        return null;
    }

    @Override
    public boolean isAuthenticated() {
        return true;
    }

    @Override
    public void registerIdentityChangedListener(IdentityChangedListener listener) {

    }

    @Override
    public void unregisterIdentityChangedListener(IdentityChangedListener listener) {

    }

    @Override
    public void identityChanged(String newIdentity) {

    }

    @Override
    public void clearListeners() {

    }

    @Override
    public String getToken() {
        return awsToken.token;
    }

    @Override
    public String refresh() {
        return null;
    }
}

问题是我一直得到这个错误

E/CognitoCachingCredentialsProvider: Failure to get credentials
    com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Access to Identity 'us-east-1:xxxxx' is forbidden. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: xxxxx)
        at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:712)
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:388)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:199)
        at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:558)
        at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getCredentialsForIdentity(AmazonCognitoIdentityClient.java:388)
        at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:651)
        at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:577)
        at com.amazonaws.auth.CognitoCredentialsProvider.getCredentials(CognitoCredentialsProvider.java:371)
        at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:441)
        at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:76)
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4369)
        at com.amazonaws.services.s3.AmazonS3Client.initiateMultipartUpload(AmazonS3Client.java:3287)
        at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.initiateMultipartUpload(UploadTask.java:252)
        at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.uploadMultipartAndWaitForCompletion(UploadTask.java:100)
        at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.call(UploadTask.java:80)
        at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.call(UploadTask.java:44)
        at java.util.concurrent.FutureTask.run(FutureTask.java:237)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
    at java.lang.Thread.run(Thread.java:818)
 E/UploadTask: Error initiating multipart upload: 31 due to Access to Identity 'us-east-1:xxxxx' is forbidden. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: xxxxx)

我们的iOS应用程序具有非常相似的逻辑,它工作正常,从未遇到过Access禁止错误。我不知道为什么我会从Android库中获取它。

仅供参考,这是KOIAWSAuthenticatedIdentityProvider.java的iOS版本

class KOIAWSAuthenticatedIdentityProvider: AWSCognitoCredentialsProviderHelper {

    private var awsToken: String

    init(regionType: AWSRegionType,
         identityPoolId: String,
         providerName: String,
         identityId: String,
         token: String)
    {
        self.awsToken = token

        super.init(
            regionType: regionType,
            identityPoolId: identityPoolId,
            useEnhancedFlow: true,
            identityProviderManager: nil)

        self.identityId = identityId
    }

    override func token() -> AWSTask {
        return AWSTask(result: self.awsToken)
    }
}

我看到的区别是Android没有与useEnhancedFlow有关:true&#34; ..

任何人都有任何想法?感谢..

1 个答案:

答案 0 :(得分:0)

当身份验证身份是经过身份验证的身份(已经有链接登录的身份)时,几乎总是会抛出对身份x的访问权限,但是在没有包含登录的情况下正在为该身份做出请求。 Cognito要求您在尝试访问时提供与经过身份验证的身份相关联的&gt; = 1登录信息。

你可能正在遇到这个问题,因为你所分类的类不是正确的。根据{{​​3}},您应该继承AWSAbstractCognitoDeveloperIdentityProvider。

相关问题
最新问题