jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Tomkinson (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JCLOUDS-1261) AWS v4 auth excludes port numbers from host header
Date Wed, 22 Mar 2017 13:09:41 GMT
Stephen Tomkinson created JCLOUDS-1261:
------------------------------------------

             Summary: AWS v4 auth excludes port numbers from host header
                 Key: JCLOUDS-1261
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1261
             Project: jclouds
          Issue Type: Bug
    Affects Versions: 2.0.1, 2.0.0
            Reporter: Stephen Tomkinson


The JClouds library is unable to communicate with S3 compatible services running on non-standard
ports. This has been traced to the v4 authentication code.

In HTTP, the host header can "optionally" include a port number. In practice, this is included
when the HTTP service is running on a non-standard port (i.e. not 80 or 443). The AWSv4 auth
code uses _only_ the hostname from the URI for the host header, as can be seen at:
https://github.com/jclouds/jclouds/blob/37101b7825edce7899c8a12e02f2153168ebc4df/apis/s3/src/main/java/org/jclouds/s3/filters/Aws4SignerForAuthorizationHeader.java#L76
This is fine for AWS's official S3 endpoints which are only accessible via TCP ports 80 or
443, but is incorrect for communicating with "compatible" endpoints running on non-standard
ports. In the non-standard case, the host header should include a :port suffix.

See HTTP RFC: https://tools.ietf.org/html/rfc7230#section-5.4



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message