使用Apache Camel上传到S3存储桶中，如何使用S3托管密钥启用服务器端加密？

发布于 2025-01-26 10:39:32 字数 905 浏览 1 评论 0原文

我将Apache骆驼与AWS2-S3模块一起使用来访问S3存储桶。我正在使用Endpoint-DSL来编程路线。

我可以从存储桶中连接并阅读，但是在尝试上传时，我会被拒绝。

我需要启用SSE-S3。我已经看到其他帖子说明需要设置X-Amz-Server侧加入标头，但是我该怎么做？

在AWS-S3组件的文档中，它指出：
camelawss3serversideConcryption使用AWS管理的键加密对象时，设置了服务器端加密算法。例如使用AES256。

我找不到文档中对AWS管理密钥的任何其他引用，除非它指的是KMS或客户密钥。
我已经尝试了.setheader（aws2s3constants.server_side_encryption，contand（“ aes256”）），它似乎并没有真正启用SSE-S3。

我还尝试以其他方式设置标头：

Map<String,Object> headers = new HashMap<>();
headers.put("x-amz-server-side-encryption", "AES256");
    ...
    .process(exchange -> {
        exchange.getIn().setHeader("x-amz-server-side-encryption", "AES256");
    })
    .setHeader(AWS2S3Constants.SERVER_SIDE_ENCRYPTION, constant("AES256"))
    .setHeader(AWS2S3Constants.METADATA, () -> headers)
    .setHeader("CamelAwsS3Headers", () -> headers)

原文

I'm using Apache Camel with the aws2-s3 module to access an S3 bucket. I'm using endpoint-dsl to program my routes.

I can connect to and read from the bucket, but I get Access Denied when trying to upload.

I need to enable SSE-S3. I've seen other posts that state that the x-amz-server-side-encryption header needs to be set, but how do I do that?

In the documentation for the aws-s3 component, it states:
CamelAwsS3ServerSideEncryption Sets the server-side encryption algorithm when encrypting the object using AWS-managed keys. For example use AES256.

I can't find any other reference to AWS-managed keys in the documentation unless it's referring to KMS or customer keys.
I've tried .setHeader(AWS2S3Constants.SERVER_SIDE_ENCRYPTION, constant("AES256")) which doesn't seem to actually enable SSE-S3.

I've also tried setting the header in these other ways:

Map<String,Object> headers = new HashMap<>();
headers.put("x-amz-server-side-encryption", "AES256");
    ...
    .process(exchange -> {
        exchange.getIn().setHeader("x-amz-server-side-encryption", "AES256");
    })
    .setHeader(AWS2S3Constants.SERVER_SIDE_ENCRYPTION, constant("AES256"))
    .setHeader(AWS2S3Constants.METADATA, () -> headers)
    .setHeader("CamelAwsS3Headers", () -> headers)

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

迟到的我 2025-02-02 10:39:32

这应该通过以下解决： https://issues.apache.apache.org.org/jira/browse/browse/browse /Camel-18064

在即将发布的3.17.0版本中可用。我今天早上修理了它。

回复收藏 0 原文

风轻花落早 2025-02-02 10:39:32

对于那些在使用Spring Boot时试图实现这一目标的人，您可以在iSusesses3标志aws2-s3骆驼组件配置上设置iSusesses3 flag。像Kotlin中的以下内容：

@Configuration
class CamelConfiguration {

    @Bean
    fun contextConfiguration(): CamelContextConfiguration {
        return object : CamelContextConfiguration {
            override fun beforeApplicationStart(camelContext: CamelContext) {
                (camelContext.getComponent("aws2-s3") as AWS2S3Component).apply {
                    configuration.isUseSSES3 = true
                }
            }

            override fun afterApplicationStart(camelContext: CamelContext) {
                // do nothing
            }
        }
    }
}

For those trying to achieve this while using Spring Boot, you can set the isUseSSES3 flag on the aws2-s3 Camel component configuration. Something like the following in kotlin:

@Configuration
class CamelConfiguration {

    @Bean
    fun contextConfiguration(): CamelContextConfiguration {
        return object : CamelContextConfiguration {
            override fun beforeApplicationStart(camelContext: CamelContext) {
                (camelContext.getComponent("aws2-s3") as AWS2S3Component).apply {
                    configuration.isUseSSES3 = true
                }
            }

            override fun afterApplicationStart(camelContext: CamelContext) {
                // do nothing
            }
        }
    }
}

回复收藏 0 原文

~没有更多了~