sodonnel commented on code in PR #9673:
URL: https://github.com/apache/ozone/pull/9673#discussion_r2733184302
##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/signature/AWSSignatureProcessor.java:
##########
@@ -103,13 +104,49 @@ public SignatureInfo parseSignature() throws
OS3Exception, IOException, NoSuchAl
if (signatureInfo == null) {
signatureInfo = new
SignatureInfo.Builder(Version.NONE).setService("s3").build();
}
+
+ // Capture STS session token if present (header-based or query-based).
+ // - Header-based SigV4: x-amz-security-token
+ // - Query-based (for presigned URLs): X-Amz-Security-Token
+ final String sessionToken = extractSessionToken(headers);
+ if (sessionToken != null && !sessionToken.isEmpty()) {
+ signatureInfo.setSessionToken(sessionToken);
+ }
+
String payloadHash = getPayloadHash(headers, signatureInfo);
signatureInfo.setPayloadHash(payloadHash);
signatureInfo.setUnfilteredURI(
context.getUriInfo().getRequestUri().getPath());
return signatureInfo;
}
+ private String extractSessionToken(LowerCaseKeyStringMap headers) {
+ // Header-based token
+ final String headerToken = headers.get("x-amz-security-token");
Review Comment:
Would be nice to make "x-amz-security-token" a constant at the top of this
class, but we can do that in one of the followup PRs that builds on this one.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
