
When I map my userdocumentseo to userdocumentsdto in Java, I get a document upload URL like https://s3.amazonaws.com/approves3/44/IMG_0189.jpg.

This link can be opened by anyone whether or not the user is a member of my website. This is not secure. How to protect it?

2

Answers


  1. AWS provides good documentation on how to implement authentication for S3 assets using CloudFront.

  2. This answer assumes you want to allow access to the resources only for the application users. If that’s not the case, you may need to ask a more specific question.

    > This link can be opened by anyone whether or not the user is a member of my website

    If you make the resource public, you have basically allowed any unauthenticated access, regardless of whether it comes from your application or not.

    The default (advised) way to protect the resources is making the object private and making the application create a signed (temporary) URL.

    https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/examples-s3-presign.html

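        import java.time.Duration;
        import software.amazon.awssdk.services.s3.model.GetObjectRequest;
        import software.amazon.awssdk.services.s3.presigner.S3Presigner;
        import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
        import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest;

        // Uses the default region and credentials provider chain
        S3Presigner presigner = S3Presigner.create();

        GetObjectRequest getObjectRequest = GetObjectRequest.builder()
            .bucket(bucketName)
            .key(keyName)
            .build();

        // The signed URL stops working after this duration
        GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder()
            .signatureDuration(Duration.ofMinutes(60))
            .getObjectRequest(getObjectRequest)
            .build();

        PresignedGetObjectRequest presignedGetObjectRequest = presigner.presignGetObject(getObjectPresignRequest);
        String theUrl = presignedGetObjectRequest.url().toString();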
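
A presigned URL works for anyone who holds it until it expires, so the membership check has to happen before signing. The following is an added example, not code from the answers above or from AWS: a service that stores only the object key and signs a short-lived URL per authorized request. The class name `DocumentUrlService`, the 5-minute lifetime and the key layout `<ownerId>/<fileName>` (inferred from the URL in the question) are assumptions.

```java
import java.time.Duration;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;

/** Hypothetical service: the DTO carries a URL signed per request, never a public link. */
public class DocumentUrlService {
    // Bucket name taken from the URL in the question; the bucket itself must be private.
    private static final String BUCKET = "approves3";
    // Assumed lifetime: long enough to start the download, short enough to limit sharing.
    private static final Duration TTL = Duration.ofMinutes(5);

    private final S3Presigner presigner;

    public DocumentUrlService(S3Presigner presigner) {
        this.presigner = presigner;
    }

    /**
     * Assumed key layout "<ownerId>/<fileName>". The trailing slash in the
     * prefix keeps user 4 from matching keys that belong to user 44.
     */
    static boolean ownsKey(long userId, String key) {
        String prefix = userId + "/";
        return key != null && key.startsWith(prefix) && key.length() > prefix.length();
    }

    /** Signs a GET URL only after the caller has been authenticated and authorized. */
    public String urlFor(long authenticatedUserId, String key) {
        if (!ownsKey(authenticatedUserId, key)) {
            throw new SecurityException("user " + authenticatedUserId + " may not read " + key);
        }
        GetObjectRequest get = GetObjectRequest.builder()
            .bucket(BUCKET)
            .key(key)
            .build();
        GetObjectPresignRequest request = GetObjectPresignRequest.builder()
            .signatureDuration(TTL)
            .getObjectRequest(get)
            .build();
        return presigner.presignGetObject(request).url().toString();
    }
}
```

Call `urlFor` with the user id taken from the server-side session while mapping the entity to the DTO, and persist only the key, since a stored presigned URL would expire.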
    
    