Monday, November 28, 2011

AccessControlException when pushing file to S3 bucket from GAE (on OSX)

This is one of those edge case scenarios that can drive people crazy.

I was trying to push a file from a Google App Engine app to an Amazon S3 bucket via the jetS3t API and it would keep coming back with an AccessControlException (access denied) kind of exception.

After quite a bit of digging around, it turns out the Mac default Java SDK will try to load a native library for the cryptographic needs of the S3 stuff, and this is forbidden in GAE.

There are two workarounds, apparently:
  1. If you feel adventurous (as I did), add this to your VM args from Properties > Run/Debug settings > Edit launch configuration options > Arguments: -D--enable_all_permissions=true
  2. Use another crypto library instead of the default (BouncyCastle is a common one, and it comes with the S3 API).
Happy hacking!

EDIT (Dec 2nd 2011): Some news after more work on this. Unfortunately, solution 1) only fixes the problem locally; when you go and deploy you still get the same AccessControlException. Also, it appears that Google App Engine prevents you from specifying a custom crypto library, so solution 2) is no good either. But the bad news doesn't stop there. According to this thread:
JetS3t is not compatible with Google App Engine. Or the other way around. Because JetS3t uses a number of libraries and techniques that are not supported in the restricted execution environment of Google App Engine there is no easy way to remedy this.
Viable solutions seem to be:
  1. This contraband version of the AWS SDK forked for app-engine
  2. jclouds
I am in the process of trying some of this stuff. Will probably post something in a future post (if this stuff doesn't kill me first).
