Re: Issue with Riak CS Pre-Authenticated URL

Wed, 27 Mar 2013 07:40:40 -0700 

Just adding a bit more info at the request of shino1.

I've got a URL 

http://intranet-development.myriakcs.com/fdcddce0-78ca-0130-bc9c-482a14143152?AWSAccessKeyId=1PBIAEUBPVXSASP0HKLC&Expires=1364393156&Signature=WMRuKTl73/TcmBj1UyH5agdg+NU=

which yields

<Error>
        <Code>AccessDenied</Code>
        <Message>Access Denied</Message>
        <Resource>
                /intranet-development/fdcddce0-78ca-0130-bc9c-482a14143152
        </Resource>
        <RequestId/>
</Error>

I've got an nginx server out the front of 2 CS instances but I've also run that 
URL directly against the CS instances and encountered the same result. I don't 
see any entries in the logs for Riak/Riak CS/Stanchion about the request aside 
from the 403 in the CS access logs. 

Cheers,
Dave

Begin forwarded message:

> From: Dave Finster <davefins...@me.com>
> Subject: Issue with Riak CS Pre-Authenticated URL
> Date: 27 March 2013 11:46:41 PM AEST
> To: riak-users@lists.basho.com
> 
> Hi Everyone
> 
> Have been playing with Riak and now CS for a little while and have got 
> everything working by just using the aws-sdk gem and dropped my CS 
> credentials and endpoint in. I do seem to have encountered an issue with the 
> generation of pre-authenticated urls, or the query string auth method. The 
> aws-sdk uses the S3Object.url_for method (source here: 
> https://github.com/aws/aws-sdk-ruby/blob/master/lib/aws/s3/s3_object.rb ) 
> which appears to property follow the auth guidelines 
> (http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth).
> 
> I'm trying to do a simple GET request for a file in a bucket and every URL 
> that gets generated comes back with 'Access Denied' and 403. The CS access 
> logs also show the same. 
> 
> Wondering if anyone has any tips for diagnosing this issue further. At the 
> moment I've just got my Ruby code downloading the stored file to a TempFile 
> and then feeding that back to the client. Using s3cmd and aws-sdk to fetch 
> the file works fine - just seems to be something to do with the query string 
> auth method.
> 
> Thanks,
> Dave


_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

Reply via email to