jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Gaul (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (JCLOUDS-1261) AWS v4 auth excludes port numbers from host header
Date Sat, 22 Apr 2017 20:05:04 GMT

     [ https://issues.apache.org/jira/browse/JCLOUDS-1261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Andrew Gaul updated JCLOUDS-1261:
    Component/s: jclouds-blobstore

> AWS v4 auth excludes port numbers from host header
> --------------------------------------------------
>                 Key: JCLOUDS-1261
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1261
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-blobstore
>    Affects Versions: 2.0.0, 2.0.1
>            Reporter: Stephen Tomkinson
> The JClouds library is unable to communicate with S3 compatible services running on non-standard
ports. This has been traced to the v4 authentication code.
> In HTTP, the host header can "optionally" include a port number. In practice, this is
included when the HTTP service is running on a non-standard port (i.e. not 80 or 443). The
AWSv4 auth code uses _only_ the hostname from the URI for the host header, as can be seen
> https://github.com/jclouds/jclouds/blob/37101b7825edce7899c8a12e02f2153168ebc4df/apis/s3/src/main/java/org/jclouds/s3/filters/Aws4SignerForAuthorizationHeader.java#L76
> This is fine for AWS's official S3 endpoints which are only accessible via TCP ports
80 or 443, but is incorrect for communicating with "compatible" endpoints running on non-standard
ports. In the non-standard case, the host header should include a :port suffix.
> See HTTP RFC: https://tools.ietf.org/html/rfc7230#section-5.4

This message was sent by Atlassian JIRA

View raw message