OCI Object Storage: Unexpected 'Insufficient Permissions' scenarios When Using Pre-signed URLs in Java
Quick question that's been bugging me - I'm working on a project and hit a roadblock. I tried several approaches but none seem to work...

I'm working on an application that allows users to upload files to Oracle Cloud Infrastructure (OCI) Object Storage using pre-signed URLs generated in a Java backend. Despite configuring the policy for the user to allow `object:put` permissions, I keep receiving an 'Insufficient Permissions' behavior when attempting to upload using these pre-signed URLs.

Here's a snippet of my code to generate the pre-signed URL:

```java
import com.oracle.bmc.objectstorage.ObjectStorageClient;
import com.oracle.bmc.objectstorage.requests.CreatePreauthenticatedRequestRequest;
import com.oracle.bmc.objectstorage.model.PreauthenticatedRequestDetails;

import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;

ObjectStorageClient client = ObjectStorageClient.builder().build();
String bucketName = "my-bucket";
String objectName = "my-file.txt";

// Request write access, expiring one hour from now
PreauthenticatedRequestDetails details = PreauthenticatedRequestDetails.builder()
    .accessType(PreauthenticatedRequestDetails.AccessType.ObjectWrite)
    .timeExpires(Date.from(Instant.now().plus(1, ChronoUnit.HOURS)))
    .build();

// Create the pre-authenticated request against the bucket
CreatePreauthenticatedRequestRequest request = CreatePreauthenticatedRequestRequest.builder()
    .namespaceName("my-namespace")
    .bucketName(bucketName)
    .createPreauthenticatedRequestDetails(details)
    .build();

var response = client.createPreauthenticatedRequest(request);
// Access URI returned for the pre-authenticated request
String preSignedUrl = response.getPreauthenticatedRequest().getAccessUri();
```

I have verified that the user has the following policy applied:

```
allow group my-group to manage objects in compartment my-compartment
allow group my-group to read buckets in compartment my-compartment
```

When I test the generated pre-signed URL via a simple `curl` command:

```bash
curl -X PUT -T my-file.txt "<PRE_SIGNED_URL>"
```

I see the following behavior response:

```
HTTP/1.1 403 Forbidden
{"code":"AccessDenied","message":"Insufficient Permissions"}
```

I have also ensured that the file size does not exceed the bucket limits and that the network configuration is correct. Can anyone provide insights on what might be going wrong? Are there specific permissions I might be overlooking, or could this be a scenario with how the pre-signed URL is being generated? Any ideas what could be causing this?