AWS Identity TVM返回Http 401响应,并显示“客户端签名不匹配”错误

时间:2013-11-24 16:07:15

标签: android amazon-web-services tvm

我正在使用;

  • Eclipse Juno
  • ADT-22.3.0
  • AWS-Android的SDK-1.7.0

对于使用AWS Token Vending机器代码我从下面的链接使用了android的示例代码; http://aws.amazon.com/code/4598681430241367

My Identity TVM模块部署在Glassfish服务器4.0

尝试与Identity TVM示例通信时,我的AmazonS3PersonalFileStore示例for android;给出错误

11-24 15:16:54.886: W/AmazonTVMClient(2262): Request to Token Vending Machine failed with Code: [404] Message: [Unable to reach resource at [http://ip.ip.ip.ip:8080/tvm/login?uid=59434cd89b7ff4b72695fbe55dc06e10&username=useruser&timestamp=2013-11-24T15%3A16%3A54.149Z&signature=fca134941ac0f1432568b1590057a64c1a537934d0f7c94b380c9fb23758bbd8]]

和服务器端显示错误;

[2013-11-24T15:17:00.095+0000] [glassfish 4.0] [WARNING] [] [TokenVendingMachineLogger] [tid: _ThreadID=19 _ThreadName=http-listener-1(2)] [timeMillis: 1385306220095] [levelValue: 900] [[
  Client signature : fca134941ac0f1432568b1590057a64c1a537934d0f7c94b380c9fb23758bbd8 doesnot match with server generated signature .Setting Http status code 401]]

[2013-11-24T15:17:00.097+0000] [glassfish 4.0] [SEVERE] [] [TokenVendingMachineLogger] [tid: _ThreadID=19 _ThreadName=http-listener-1(2)] [timeMillis: 1385306220097] [levelValue: 1000] [[Error validating login request for username : useruser]]`

如果有人可以帮忙给点解决它;我还希望没有什么特别需要做的,以使Identity TVM代码能够在glassfish上运行?


修改

当我在ElasticBeanstalk上部署IdentityTVM.war(开箱即用) - 它完美无缺。我认为问题在于我修改代码以使用glassfish的方式。我正在对TVM代码进行以下更改;

  1. com.amazonaws.tvm.Configuration:使用我的TVMUser(以IAM创建)凭据(AWS_ACCESS_KEY_ID,AWS_SECRET_KEY,APP_NAME)硬编码三个项目
  2. TokenVendingMachinePolicy.json:改变了我的政策如下;

    {"Statement": [ {"Effect":"Allow","Action":["s3:PutObject","s3:GetObject","s3:DeleteObject"],"Resource":"arn:aws:s3:::MyBUCKET/__USERNAME__/*"}, {"Effect":"Allow","Action":"s3:ListBucket","Resource":"arn:aws:s3:::MyBUCKET","Condition":{"StringLike":{"s3:prefix":"__USERNAME__/"}}}, {"Effect":"Deny","Action":["iam:*", "sts:*", "sdb:*"],"Resource":"*"}]}

  3. 我是否按照正确的步骤修改IdentityTVM以部署glassfish?我必须使用glassfish,因为我们的架构有一个基于它的集群环境。

1 个答案:

答案 0 :(得分:0)

我认为这将是您的端点不匹配的问题,即:

客户:

AwsCredential.properties

tokenVendingMachineURL=tvm.mydomain.com

<强> TVM

端点派生自

HttpServletRequest.getServerName()

我遇到了同样的问题,这就是它的原因。请参阅亚马逊移动论坛上的帖子:https://forums.aws.amazon.com/thread.jspa?threadID=143949

TVM使用 localhost 作为端点。我需要更新我的vhosts文件以使项目包含ProxyPreserveHost On

希望这有帮助。