Search code examples
javalinuxservletsamazon-s3lotus-domino

Loading AWS credentials from a Java servlet on a Lotus Domino server on Linux

I have this scenario: I created a Java servlet to be executed in a Lotus Domino server (just in case, the servlet is OUTSIDE from any database. It's in the folder <domino data>/domino/servlet/my_servlet.class). The servlet access a S3 server using a credentials file.

When I developed the servlet, I did my tests on a Windows server, and everything worked like a charm. But, when I did the same tests on a Linux server using the same credentials and the same servlet, it did not work.

The exception occured here:

    AWSCredentials credentials = null;
    try {
        credentials = new ProfileCredentialsProvider().getCredentials();
    } catch (Exception e) {
        throw new AmazonClientException(
                "Cannot load the credentials from the credential profiles file. " +
                "Please make sure that your credentials file is at the correct " +
                "location (~/.aws/credentials), and is in valid format.",
                e);
    }

Considering that the domino server is executed with the user notes, I put the credentials in notes/.aws/credentials. Nothing. I put it in the ec2-user/.aws/credentials (it's a EC2 server). Nothing again. Same exception.

About the Domino server, it's executed using a user notes. The .aws folder and the credentials file owner is notes. The permissions in the credentials file is 600. The servlet owner is notes too.

Do you have any idea about how can I resolve this?

TIA,

EDIT: I added this lines in the servlet:

res.setContentType("text/html");        
PrintWriter toBrowser = res.getWriter();        
//etc.
toBrowser.println("HOME: " + System.getProperty("user.home"));

I got this:

HOME: /home/notes

I checked this folder again and the credentials are still there. 

[root@ip-xxx-xxx-xxx-xxx notes]# ls -l /home/notes/.aws
total 4
-rw------- 1 notes notes 117 Nov 28 03:50 credentials
[root@ip-xxx-xxx-xxx-xxx notes]#

EDIT 2: I added this lines too:

File f = new File(System.getProperty("user.home") + "/.aws/credentials");

if(f.exists()){
    toBrowser.println("Credentials exists" + "<BR/>"); 
}else{
    toBrowser.println("Credentials DOES NOT exist" + "<BR/>"); 
}

And I got this:

Credentials exists

Therefore, the servlet has the right permissions to find the credentials file.

I'm stuck on this...

Solution

  • Well, the problem was that the servlet had no access to the environment variables

    enter image description here

    That's because there's a bug in the Lotus Domino server since the version 8.5. The solution was modify the java.policy file at $JAVA_HOME/lib/security adding this line:

    grant {
    [...]
    permission java.security.AllPermission;
    [...]
}

    Everything works again.