Java 无法使用AES服务器端加密将对象上载到S3

我正试图通过

Java

API将一个对象上传到

S3

bucket。然而，无论我做什么，它都会抛出

拒绝访问

异常

private static void serverSideEncryption() throws NoSuchAlgorithmException {
    AmazonS3 S3_CLIENT = AmazonS3ClientBuilder.standard()
                                              .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                                              .withRegion(Regions.US_EAST_1)
                                              .build();
    PutObjectRequest putRequest = new PutObjectRequest(BUCKET_NAME, "dfsdf.ss",
            new File("/Users/fsdfs/Desktop/test.jpeg"));
    S3_CLIENT.putObject(putRequest);
    System.out.println("Object uploaded");
}

当我运行这个时，我得到

Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: AD1105A291B609D8; S3 Extended Request ID: Ls5wbbW2Yd43p75MJGSOjex0KvmgPiqNBupxpCcEvdMRkK4iptNPNCEwyOqokA=), S3 Extended Request ID: Ls5wbbW2Yd43p75MJGSOje70iqNBupxpCcEvdMRkK4iptNPNCEwyOqokA=
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1632)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4365)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4312)
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1755)
    at com.xxx.aws.s3.S3Service.serverSideEncryption(S3Service.java:72)
    at com.xxx.aws.s3.S3Service.main(S3Service.java:58)

但是，如果我在AWS CLI中使用

aws s3api put-object --bucket zzz-yyy-xxx --key test/testfdf --server-side-encryption AES256

它工作得非常好

我还尝试了下面的代码

private static void serverSideEncryption() throws NoSuchAlgorithmException {
    KEY_GENERATOR = KeyGenerator.getInstance("AES");
    KEY_GENERATOR.init(256, new SecureRandom());
    SSE_KEY = new SSECustomerKey(KEY_GENERATOR.generateKey());
    AmazonS3 S3_CLIENT = AmazonS3ClientBuilder.standard()
                                              .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                                              .withRegion(Regions.US_EAST_1)
                                              .build();
    PutObjectRequest putRequest = new PutObjectRequest(BUCKET_NAME, "dfsdf.ss",
            new File("/Users/xx-xx/Desktop/dfdf.jpeg")).withSSECustomerKey(SSE_KEY);
    S3_CLIENT.putObject(putRequest);
    System.out.println("Object uploaded");
}

---

My bucket policy设置为AES encryption

检查您的bucket名称和访问密钥是否正确，403表示密钥不存在。这可能意味着bucket名称中的密钥或访问密钥

检查两个以确定

编辑：遵循AWS S3 SSE文档

要上载具有服务器端加密的对象，需要使用

ObjectMetaData

方法指定服务器端加密密钥，然后可以将此对象的引用用作

PutObjectRequest

中的参数

---

归因于OP的修改

我在

AWS CLI

中使用相同的访问ID和密钥。它工作得非常好。但是当我在java中使用相同的访问ID和密钥时，它抛出403。检查BUCKET_NAME变量是否与您试图发布的BUCKET的实际“key”名称匹配。403通常意味着Bucket不存在。我在哪里可以得到Bucket的“实际‘Key’名称”？我想您已经遵循了，谢谢您解决了这个问题。问题是我需要使用您提供的链接中的

ObjectMetaData

方法。否则就不行了。你能修改你的答案吗？这样我就可以把它标记为接受了？