[JCLOUDS-1261] AWS v4 auth excludes port numbers from host header - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0, 2.0.1
Fix Version/s: 2.1.0, 2.0.2
Component/s: jclouds-blobstore
Labels:
- aws-s3
- s3

Description

The JClouds library is unable to communicate with S3 compatible services running on non-standard ports. This has been traced to the v4 authentication code.

In HTTP, the host header can "optionally" include a port number. In practice, this is included when the HTTP service is running on a non-standard port (i.e. not 80 or 443). The AWSv4 auth code uses only the hostname from the URI for the host header, as can be seen at:
https://github.com/jclouds/jclouds/blob/37101b7825edce7899c8a12e02f2153168ebc4df/apis/s3/src/main/java/org/jclouds/s3/filters/Aws4SignerForAuthorizationHeader.java#L76
This is fine for AWS's official S3 endpoints which are only accessible via TCP ports 80 or 443, but is incorrect for communicating with "compatible" endpoints running on non-standard ports. In the non-standard case, the host header should include a :port suffix.

See HTTP RFC: https://tools.ietf.org/html/rfc7230#section-5.4

Attachments

Activity

People

Assignee:: Andrew Gaul

Reporter:: Stephen Tomkinson

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Mar/17 13:09

Updated:: 05/Jul/17 21:41

Resolved:: 05/Jul/17 21:41