Note: All signer classes in this module are deprecated in favor of the new http-auth-aws module. This documentation is provided for legacy compatibility only.
Legacy AWS Signature Version 4 implementations for request signing, including specialized signers for S3 and event streams. New applications should use the http-auth-aws module instead.
Basic AWS Signature Version 4 signer implementation for standard HTTP requests.
/**
* AWS Signature Version 4 signer implementation
* @deprecated Use AwsV4HttpSigner from 'http-auth-aws' module instead
*/
@Deprecated
final class Aws4Signer extends BaseAws4Signer implements Signer {
/**
* Create AWS4 signer with default configuration
* @return Aws4Signer instance
*/
static Aws4Signer create();
/**
* Sign HTTP request with execution attributes
* @param request HTTP request to sign
* @param executionAttributes execution context containing credentials and region
* @return signed HTTP request
*/
SdkHttpFullRequest sign(SdkHttpFullRequest request, ExecutionAttributes executionAttributes);
/**
* Sign HTTP request with explicit parameters
* @param request HTTP request to sign
* @param requestBody request body content
* @param signerParams signing parameters
* @return signed HTTP request
*/
SdkHttpFullRequest sign(SdkHttpFullRequest request, ContentStreamProvider requestBody,
Aws4SignerParams signerParams);
}Asynchronous AWS Signature Version 4 signer for streaming request bodies.
/**
* Async AWS Signature Version 4 signer for streaming request bodies
* @deprecated Use AwsV4HttpSigner from 'http-auth-aws' module instead
*/
@Deprecated
final class AsyncAws4Signer extends BaseAws4Signer implements AsyncSigner {
/**
* Create async AWS4 signer
* @return AsyncAws4Signer instance
*/
static AsyncAws4Signer create();
/**
* Sign HTTP request asynchronously
* @param request HTTP request to sign
* @param requestBody async request body
* @param executionAttributes execution context
* @return CompletableFuture with signed request
*/
CompletableFuture<SdkHttpFullRequest> sign(SdkHttpFullRequest request,
AsyncRequestBody requestBody,
ExecutionAttributes executionAttributes);
/**
* Sign HTTP request with explicit parameters
* @param request HTTP request to sign
* @param requestBody async request body
* @param signerParams signing parameters
* @return CompletableFuture with signed request
*/
CompletableFuture<SdkHttpFullRequest> signWithBody(SdkHttpFullRequest request,
AsyncRequestBody requestBody,
Aws4SignerParams signerParams);
}AWS4 signer implementation specialized for Amazon S3 with S3-specific signing behavior.
/**
* AWS4 signer implementation specialized for S3
* @deprecated Use AwsV4HttpSigner from 'http-auth-aws' module instead
*/
@Deprecated
final class AwsS3V4Signer extends AbstractAwsS3V4Signer implements Signer {
/**
* Create S3-specific AWS4 signer
* @return AwsS3V4Signer instance
*/
static AwsS3V4Signer create();
// Inherits signing methods from parent classes
}AWS4 signer that uses unsigned payload for requests where payload signing is not required.
/**
* AWS4 signer with unsigned payload support
* @deprecated Use AwsV4HttpSigner from 'http-auth-aws' module instead
*/
@Deprecated
final class Aws4UnsignedPayloadSigner extends BaseAws4Signer implements Signer {
/**
* Create unsigned payload signer
* @return Aws4UnsignedPayloadSigner instance
*/
static Aws4UnsignedPayloadSigner create();
}AWS4 signer specialized for event stream signing used in real-time data streaming.
/**
* AWS4 signer for event stream signing
* @deprecated Use event stream signers from 'http-auth-aws-eventstream' module instead
*/
@Deprecated
final class EventStreamAws4Signer extends BaseEventStreamAsyncAws4Signer implements AsyncSigner {
/**
* Create event stream signer
* @return EventStreamAws4Signer instance
*/
static EventStreamAws4Signer create();
}Execution attributes for configuring signing behavior in the legacy signer system.
/**
* AWS-specific signing attributes for execution context
* @deprecated Replaced by signer properties on auth scheme options
*/
@Deprecated
final class AwsSignerExecutionAttribute {
/**
* AWS credentials for signing requests
*/
static final ExecutionAttribute<AwsCredentials> AWS_CREDENTIALS;
/**
* AWS region for signing
*/
static final ExecutionAttribute<Region> SIGNING_REGION;
/**
* Regional scope for signing (GLOBAL or REGIONAL)
*/
static final ExecutionAttribute<RegionScope> SIGNING_REGION_SCOPE;
/**
* Service name used for signing
*/
static final ExecutionAttribute<String> SERVICE_SIGNING_NAME;
/**
* Whether to double URL encode paths
*/
static final ExecutionAttribute<Boolean> SIGNER_DOUBLE_URL_ENCODE;
/**
* Whether to normalize URI paths
*/
static final ExecutionAttribute<Boolean> SIGNER_NORMALIZE_PATH;
/**
* Custom clock for signing (for testing)
*/
static final ExecutionAttribute<Clock> SIGNING_CLOCK;
/**
* Expiration time for presigned URLs
*/
static final ExecutionAttribute<Instant> PRESIGNER_EXPIRATION;
}
/**
* S3-specific signing execution attributes
*/
class S3SignerExecutionAttribute {
/**
* Enable S3 chunked encoding
*/
static final ExecutionAttribute<Boolean> ENABLE_CHUNKED_ENCODING;
/**
* Enable S3 payload signing
*/
static final ExecutionAttribute<Boolean> ENABLE_PAYLOAD_SIGNING;
}Parameter classes for configuring signing behavior.
/**
* Parameters for AWS4 signing operations
*/
class Aws4SignerParams {
/**
* Create builder for signing parameters
* @return Builder instance
*/
static Builder builder();
Boolean doubleUrlEncode();
Boolean normalizePath();
AwsCredentials awsCredentials();
String signingName();
Region signingRegion();
Optional<Integer> timeOffset();
Optional<Clock> signingClockOverride();
SignerChecksumParams checksumParams();
interface Builder extends CopyableBuilder<Builder, Aws4SignerParams> {
Builder doubleUrlEncode(Boolean doubleUrlEncode);
Builder normalizePath(Boolean normalizePath);
Builder awsCredentials(AwsCredentials awsCredentials);
Builder signingName(String signingName);
Builder signingRegion(Region signingRegion);
Builder timeOffset(Integer timeOffset);
Builder signingClockOverride(Clock signingClockOverride);
Builder checksumParams(SignerChecksumParams checksumParams);
Aws4SignerParams build();
}
}
/**
* Parameters specific to S3 V4 signing
*/
class AwsS3V4SignerParams extends Aws4SignerParams {
Boolean enablePayloadSigning();
Boolean enableChunkedEncoding();
interface Builder extends Aws4SignerParams.Builder {
Builder enablePayloadSigning(Boolean enablePayloadSigning);
Builder enableChunkedEncoding(Boolean enableChunkedEncoding);
AwsS3V4SignerParams build();
}
}
/**
* Parameters for AWS4 presigning operations
*/
class Aws4PresignerParams extends Aws4SignerParams {
Instant expirationTime();
interface Builder extends Aws4SignerParams.Builder {
Builder expirationTime(Instant expirationTime);
Aws4PresignerParams build();
}
}
/**
* Checksum parameters for signing
*/
class SignerChecksumParams {
String algorithm();
String checksumHeaderName();
Boolean isStreamingRequest();
interface Builder extends CopyableBuilder<Builder, SignerChecksumParams> {
Builder algorithm(String algorithm);
Builder checksumHeaderName(String checksumHeaderName);
Builder isStreamingRequest(Boolean isStreamingRequest);
SignerChecksumParams build();
}
}
/**
* Parameters for token-based signing operations
*/
class TokenSignerParams {
SdkToken token();
interface Builder extends CopyableBuilder<Builder, TokenSignerParams> {
Builder token(SdkToken token);
TokenSignerParams build();
}
}Utility classes supporting the legacy signing infrastructure.
/**
* Utility for loading signer implementations
*/
class SignerLoader {
/**
* Load signer by name
* @param signerType signer type identifier
* @return Signer instance
*/
static Signer getSigner(String signerType);
}For new applications, use the modern signing system from the http-auth-aws module:
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-auth-aws</artifactId>
<version>2.32.31</version>
</dependency>Migration example:
// Old (deprecated) approach
Aws4Signer signer = Aws4Signer.create();
SdkHttpFullRequest signedRequest = signer.sign(request, executionAttributes);
// New approach (recommended)
// Use AwsV4HttpSigner from http-auth-aws module insteadKey differences in new system:
Note: These examples are for legacy compatibility only. New code should use the http-auth-aws module.
import software.amazon.awssdk.auth.signer.*;
import software.amazon.awssdk.auth.credentials.*;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
// Legacy synchronous signing
Aws4Signer signer = Aws4Signer.create();
ExecutionAttributes attrs = ExecutionAttributes.builder()
.put(AwsSignerExecutionAttribute.AWS_CREDENTIALS, credentials)
.put(AwsSignerExecutionAttribute.SIGNING_REGION, Region.US_EAST_1)
.put(AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME, "s3")
.build();
SdkHttpFullRequest signedRequest = signer.sign(request, attrs);
// Legacy asynchronous signing
AsyncAws4Signer asyncSigner = AsyncAws4Signer.create();
CompletableFuture<SdkHttpFullRequest> futureSignedRequest =
asyncSigner.sign(request, asyncBody, attrs);
// Legacy S3 signing
AwsS3V4Signer s3Signer = AwsS3V4Signer.create();
SdkHttpFullRequest s3SignedRequest = s3Signer.sign(request, attrs);Legacy signers may throw various exceptions:
try {
SdkHttpFullRequest signedRequest = signer.sign(request, executionAttributes);
} catch (SdkClientException e) {
// Signing failed - check for missing credentials or configuration
if (e.getMessage().contains("credentials")) {
// Missing or invalid credentials
} else if (e.getMessage().contains("region")) {
// Missing or invalid region
}
}Common error scenarios: