0

I am using;

  • Eclipse Juno
  • ADT-22.3.0
  • aws-android-sdk-1.7.0

For using AWS Token Vending machine code I used sample code for android from below link; http://aws.amazon.com/code/4598681430241367

My Identity TVM module is deployed on Glassfish server 4.0

My AmazonS3PersonalFileStore sample for android when tries to communicate with Identity TVM sample; its giving error

11-24 15:16:54.886: W/AmazonTVMClient(2262): Request to Token Vending Machine failed with Code: [404] Message: [Unable to reach resource at [http://ip.ip.ip.ip:8080/tvm/login?uid=59434cd89b7ff4b72695fbe55dc06e10&username=useruser&timestamp=2013-11-24T15%3A16%3A54.149Z&signature=fca134941ac0f1432568b1590057a64c1a537934d0f7c94b380c9fb23758bbd8]]

and server side shows error;

[2013-11-24T15:17:00.095+0000] [glassfish 4.0] [WARNING] [] [TokenVendingMachineLogger] [tid: _ThreadID=19 _ThreadName=http-listener-1(2)] [timeMillis: 1385306220095] [levelValue: 900] [[
  Client signature : fca134941ac0f1432568b1590057a64c1a537934d0f7c94b380c9fb23758bbd8 doesnot match with server generated signature .Setting Http status code 401]]

[2013-11-24T15:17:00.097+0000] [glassfish 4.0] [SEVERE] [] [TokenVendingMachineLogger] [tid: _ThreadID=19 _ThreadName=http-listener-1(2)] [timeMillis: 1385306220097] [levelValue: 1000] [[Error validating login request for username : useruser]]`

if someone can help give points to resolve it; also I hope there is nothing special needs to be done to suit Identity TVM code to run on glassfish?


EDIT

When I deploy IdentityTVM.war (out of the box that comes with download) on ElasticBeanstalk - it works perfectly. I think problem is with the way I am modifying code to work on glassfish. I am doing following changes in TVM Code;

  1. com.amazonaws.tvm.Configuration: hardcoded three items with my TVMUser (created in IAM) credentials (AWS_ACCESS_KEY_ID,AWS_SECRET_KEY,APP_NAME)
  2. TokenVendingMachinePolicy.json: changed my policy as below;

    {"Statement": [ {"Effect":"Allow","Action":["s3:PutObject","s3:GetObject","s3:DeleteObject"],"Resource":"arn:aws:s3:::MyBUCKET/__USERNAME__/*"}, {"Effect":"Allow","Action":"s3:ListBucket","Resource":"arn:aws:s3:::MyBUCKET","Condition":{"StringLike":{"s3:prefix":"__USERNAME__/"}}}, {"Effect":"Deny","Action":["iam:*", "sts:*", "sdb:*"],"Resource":"*"}]}

Am I following right steps to modify IdentityTVM for deployment of glassfish? I have to use glassfish since our architecture have a cluster environment based on it.

khawarizmi
  • 593
  • 5
  • 19
  • Make sure you are using the same application name in both the Android application and the TVM deployed in glassfish, that is the most likely source of this error. – Bob Kinney Nov 25 '13 at 17:59
  • I have tried after hardcoding appname such that, server side app name in com.amazonaws.tvm.Configuration.getAppName and client side's AwsCredentials.properties file's appName are same. Still same result – khawarizmi Nov 28 '13 at 11:45
  • Did you previously run this sample with a different TVM, perhaps hosted in Beanstalk? You may need to wipe the UserPreferences for the simulator/device to allow the device to successfully register again. – Bob Kinney Nov 29 '13 at 17:55
  • @Bob Kinney , I was careful on that point. I also tried various simulators (1)default ADK with eclipse (2)Genymotion(faster) still same. Please check Question Edit if u ve comments with the way I am modifying IdentityTVM code for deployment on glassfish v4.0? – khawarizmi Dec 01 '13 at 00:12
  • I don't see anything wrong with the changes you've made. The changes you've made would not seem to effect the ability for users to login. You may want to add some additional logging in the TVM to make sure it is functioning properly inside glassfish, particularly in the code that is generating the signature to validate the client signature. I would also verify that query parameters (particularly the timestamp) are being properly pulled out of the request when passed to glassfish. – Bob Kinney Dec 02 '13 at 20:55
  • Did you ever solve this problem? I'm running into a similar problem. – mp2526 Jan 10 '14 at 00:39
  • @mp2526 Couldnt solve it - I ended up deploying it on beanstalk for my testing.. – khawarizmi Jan 15 '14 at 15:21

1 Answers1

0

I think this will be a problem with your endpoints not matching up, ie:

Client:

AwsCredential.properties

tokenVendingMachineURL=tvm.mydomain.com

TVM

endpoint derived from

HttpServletRequest.getServerName()

I was having the same 401 problem and this was the cause of it. See my post on the Amazon Mobile Forums: https://forums.aws.amazon.com/thread.jspa?threadID=143949

The TVM was using localhost as the endpoint. I needed to update my vhosts file for the project to contain ProxyPreserveHost On

Hope this helps.

derekdon
  • 136
  • 9