Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
The provided security credentials are not valid. #277
My Java program uses 1.8.5. I decided to update the Java API to 1.8.11. I can connect to Amazon S3 but I am unable to connect to a third-party S3 provider any more. Has anything changed with authentication since 1.8.5? I downgraded my Java program to 1.8.5 and everything works normal.
The error message the S3 client reports:
The provided security credentials are not valid. (Service: Amazon S3; Status Code: 403; Error Code: InvalidSecurity; Request ID: EF8C16704B8011E4)
I know my credentials are correct and I tried multiple third-party S3 compatible services and have the same problem.
My credentials code;
What's happening is that in our 1.8.10 release, we switched the default signing protocol from V2 signing to V4 signing. The purpose of this change is to make sure the SDK is forward-compatible with new AWS regions where only V4 signing will be supported (e.g. the "cn-north-1" region that was recently launched).
Meanwhile, to ensure backwards-compatibility, the SDK is by default configured to keep using the old signing protocol for all the existing v2-supported regions. But... unfortunately this would only work if the SDK could recognize the endpoint, and in your case since the SDK doesn't understand the endpoint of non-AWS services, it will simply assume it's talking to a new AWS region, and then choose to use V4 protocol to sign the request. Apparently, the "s3-compatible" services you were working with don't understand this protocol yet, and as a result your request was rejected with 403 error.
Assuming these service vendors won't implement V4-signing support soon, a workaround for you is to manually override the signer via ClientConfiguration#setSignerOverride.
This is indeed a very hacky solution, but there's not much we can do about it before these service providers are truly "s3-compatible".