aws-sdk-java
aws-sdk-java copied to clipboard
aws
Presigned V4 URLs using Java SDK
I have been trying to find a way to generate a presigned URL using SDK which also contain a policy document. However I found out that it is not possible as documented here:
Note that presigned URLs cannot be used to upload an object with an attached policy, as described in this blog post. That method is only suitable for POSTs from HTML forms by browsers.
My case is that I'm using SDK on a server that generates presigned URLs for clients. Then clients may use these to upload files to S3.
I would say there are a lot of cases where it is important to force specific content length or similar obligations on the request. So is this a final decision not to include policy signed URL generation in AWS SDK?
Thanks for reaching out to us. This is a very interesting feature request. I will bring this feature request to our team and talk about it to see whether we want to support it.
Hey @mohamnag,
AWS Java SDK already supports this feature. See here.
Just use HttpMethod.PUT as the verb for generating the presigned URL. Here is the sample code:
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(bucketName, key, HttpMethod.PUT);
URL url = s3.generatePresignedUrl(request);
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod(request.getMethod().toString());
connection.setDoOutput(true);
connection.connect();
You can use connection.getOutputStream() to write the data you want to upload, ex the policy document.
This is not what I was asking for. This uploads the file directly using Java SDK to S3. What I want is to generate a presigned URL to give to a client which may or may not have access to any kind of AWS SDK but should be able to do a simple PUT or POST request to upload the file.
You currently have s3.generatePresignedUrl(request); but this does not support putting a policy document into the signed URL. The result is that client may do things that are not supposed to be possible, like uploading a file which is too big.
What I'm looking for is to impose limits inside the URL by attaching a policy document like what is described here only to do it completely on server side and just give client that final URL.
I already have a custom Java code that does so, but it would be nice to have it as part of SDK.
I'm not sure if presigned URLs support limiting content sizes, I'll have to ask the service team. If you know the exact content length you can always set that and it will be included in the signature but doesn't sound like it will help in this case.
there is no exact one, but there is a max length. and yes it is possible. thats at least what that linked page says. It is only impossible to build URLs using AWS SDK. But as I said, one can reproduce the signing process and do it on his own.
There's a createPresignedPost() function in JS SDK. See below. It would be helpful if Java SDK supports this, too. http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#createPresignedPost-property
Some website service do not support uploading a file with their web component through "PUT" method.
java.util.Date expiration = new java.util.Date(); long milliSeconds = expiration.getTime(); milliSeconds += 1000 * 60 * 30; // Add 20 mins. expiration.setTime(milliSeconds);
GeneratePresignedUrlRequest generatePresignedUrlRequest =
new GeneratePresignedUrlRequest(bucketName, objectKey);
generatePresignedUrlRequest.setMethod(HttpMethod.GET);
generatePresignedUrlRequest.setExpiration(expiration);
URL url = s3client.generatePresignedUrl(generatePresignedUrlRequest);
System.out.println("Pre-Signed URL = " + url.toString());
Hi AWS SDK Team, I also need the ability to limit the size of files uploaded via a pre-signed URL or request. Please consider implementing this.
Thanks, Michael
Hi,
Python boto3 has this as well - https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-presigned-urls.html#generating-a-presigned-url-to-upload-a-file . Would be nice to have it in java.
+1 It would great to have that method in Java SDK also For anybody in urgent need: https://github.com/kamil-perczynski/s3-direct-browser-upload
This would also be very useful for me! Is there any progress regarding this feature? I'm currently trying to set a max size on a file upload, whose URL is generated in the backend.
yeah, "progress" for an issue thats open for past 4 years seems to be a heavy word. looks like AWS has actually no interest in implementing things that community wants just what's dictated from above!
Hello all 👋
I created this open source library to upload files to AWS S3 using Pre Signed POST. I am officially opening up for usability test.
With it you can specify requirements and restrictions that the client using the pre-signed post, generated by you, must follow. The conditions can be the maximum size of the file, how the object key name should start with, encryption key and many others.
Feel free to check it out on github and maven central 👍
Cheers, Dyego
