在启用 SSE 的 FIFO 队列上调用 getQueueUrl() 结果为 403 / 对此队列的所有请求必须使用 HTTPS 和 SigV4
Invoking getQueueUrl() on FIFO Queue with SSE Enabled Results in 403 / All requests to this queue must use HTTPS and SigV4
我正在使用启用了 SSE 的 SQS FIFO 队列。当我使用 SQS 客户端调用 getQueueUrl() 时,抛出异常并显示消息 All requests to this queue must use HTTPS and SigV4.
使用最新版本的aws-java-sdk:
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk</artifactId>
<version>1.11.160</version>
</dependency>
以下代码重现了该问题:
public class SimpleSqsClient {
private static ClientConfiguration clientConfiguration() {
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setProxyHost("proxy.foo.com");
clientConfiguration.setProxyPort(8099);
clientConfiguration.setProxyUsername("username");
clientConfiguration.setProxyPassword("password");
clientConfiguration.setProtocol(Protocol.HTTP);
clientConfiguration.setPreemptiveBasicProxyAuth(false);
return clientConfiguration;
}
public static void main(String[] args) throws Exception {
/*
* The ProfileCredentialsProvider will return your [default] credential
* profile by reading from the credentials file located at
* (~/.aws/credentials).
*/
AWSCredentials credentials = null;
try {
credentials = new ProfileCredentialsProvider().getCredentials();
} catch (Exception e) {
throw new AmazonClientException("Cannot load the credentials from the credential profiles file. "
+ "Please make sure that your credentials file is at the correct "
+ "location (~/.aws/credentials), and is in valid format.", e);
}
AmazonSQS sqs = AmazonSQSClientBuilder.standard().withClientConfiguration(clientConfiguration())
.withCredentials(new ProfileCredentialsProvider("SOME_PROFILE"))
.withRegion(Regions.US_EAST_1).build();
System.out.println("===========================================");
System.out.println("Simple SQS Test");
System.out.println("===========================================\n");
try {
System.out.println(sqs.getQueueUrl("some-sse-enabled-queue.fifo"));
} catch (AmazonServiceException ase) {
System.out.println("Caught an AmazonServiceException, which means your request made it "
+ "to Amazon SQS, but was rejected with an error response for some reason.");
System.out.println("Error Message: " + ase.getMessage());
System.out.println("HTTP Status Code: " + ase.getStatusCode());
System.out.println("AWS Error Code: " + ase.getErrorCode());
System.out.println("Error Type: " + ase.getErrorType());
System.out.println("Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
System.out.println("Caught an AmazonClientException, which means the client encountered "
+ "a serious internal problem while trying to communicate with SQS, such as not "
+ "being able to access the network.");
System.out.println("Error Message: " + ace.getMessage());
}
}
}
输出:
Caught an AmazonServiceException, which means your request made it to Amazon SQS, but was rejected with an error response for some reason.
Error Message: All requests to this queue must use HTTPS and SigV4. (Service: AmazonSQS; Status Code: 403; Error Code: InvalidSecurity; Request ID: ...)
HTTP Status Code: 403
AWS Error Code: InvalidSecurity
Error Type: Client
Request ID: ...
改变
clientConfiguration.setProtocol(Protocol.HTTP);
至
clientConfiguration.setProtocol(Protocol.HTTPS);
问题已解决
我正在使用启用了 SSE 的 SQS FIFO 队列。当我使用 SQS 客户端调用 getQueueUrl() 时,抛出异常并显示消息 All requests to this queue must use HTTPS and SigV4.
使用最新版本的aws-java-sdk:
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk</artifactId>
<version>1.11.160</version>
</dependency>
以下代码重现了该问题:
public class SimpleSqsClient {
private static ClientConfiguration clientConfiguration() {
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setProxyHost("proxy.foo.com");
clientConfiguration.setProxyPort(8099);
clientConfiguration.setProxyUsername("username");
clientConfiguration.setProxyPassword("password");
clientConfiguration.setProtocol(Protocol.HTTP);
clientConfiguration.setPreemptiveBasicProxyAuth(false);
return clientConfiguration;
}
public static void main(String[] args) throws Exception {
/*
* The ProfileCredentialsProvider will return your [default] credential
* profile by reading from the credentials file located at
* (~/.aws/credentials).
*/
AWSCredentials credentials = null;
try {
credentials = new ProfileCredentialsProvider().getCredentials();
} catch (Exception e) {
throw new AmazonClientException("Cannot load the credentials from the credential profiles file. "
+ "Please make sure that your credentials file is at the correct "
+ "location (~/.aws/credentials), and is in valid format.", e);
}
AmazonSQS sqs = AmazonSQSClientBuilder.standard().withClientConfiguration(clientConfiguration())
.withCredentials(new ProfileCredentialsProvider("SOME_PROFILE"))
.withRegion(Regions.US_EAST_1).build();
System.out.println("===========================================");
System.out.println("Simple SQS Test");
System.out.println("===========================================\n");
try {
System.out.println(sqs.getQueueUrl("some-sse-enabled-queue.fifo"));
} catch (AmazonServiceException ase) {
System.out.println("Caught an AmazonServiceException, which means your request made it "
+ "to Amazon SQS, but was rejected with an error response for some reason.");
System.out.println("Error Message: " + ase.getMessage());
System.out.println("HTTP Status Code: " + ase.getStatusCode());
System.out.println("AWS Error Code: " + ase.getErrorCode());
System.out.println("Error Type: " + ase.getErrorType());
System.out.println("Request ID: " + ase.getRequestId());
} catch (AmazonClientException ace) {
System.out.println("Caught an AmazonClientException, which means the client encountered "
+ "a serious internal problem while trying to communicate with SQS, such as not "
+ "being able to access the network.");
System.out.println("Error Message: " + ace.getMessage());
}
}
}
输出:
Caught an AmazonServiceException, which means your request made it to Amazon SQS, but was rejected with an error response for some reason.
Error Message: All requests to this queue must use HTTPS and SigV4. (Service: AmazonSQS; Status Code: 403; Error Code: InvalidSecurity; Request ID: ...)
HTTP Status Code: 403
AWS Error Code: InvalidSecurity
Error Type: Client
Request ID: ...
改变
clientConfiguration.setProtocol(Protocol.HTTP);
至
clientConfiguration.setProtocol(Protocol.HTTPS);
问题已解决