Index Changes

Amazon Web Service Use-cases

Invoking Amazon S3 REST API

Key Requirements

  1. Allow user to set HTTP Request operations, headers, such as "Authorization", "Content-Length" for PUT, "Content-Type"", "x-amz-security-token", etc
  2. Allow user to have access to HTTP Response headers, status code, body
  3. Ability to handle Redirects and 100-Continue
  4. Need to calculate message signature using crypto and base64 algorithm
  5. Need to set Http "Date" header using this format "EEE, dd MMM yyyy HH:mm:ss "
  6. Need to dynamically do "Get/Put/Delete/Head" operations on dynamic URLs, currently BPEL only allow dynamic URL, but not dynamic Http Verb.

Creating a Sample Project using BPEL as orchestration

AmazonWS REST security mechanism is a little different than Google's REST security mechanism. Google requires user to do a POST operation first using username/password, and returns a security token to be used for subsequent Http requests. AmazonWS security is different. Amazon pre-issue user a pair of accessKeyId/secretyAccessKey, and for every request, user needs to put in the Http header the "Authorization" header. This header is calculated using this formula:

Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;

Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( StringToSign ) ) );

StringToSign = HTTP-Verb + "\n" +
    Content-MD5 + "\n" +
    Content-Type + "\n" +
    Date + "\n" +
    CanonicalizedAmzHeaders +

CanonicalizedResource = [ "/" + Bucket ] +
    <HTTP-Request-URI, from the protocol name up to the query string> +
    [ sub-resource, if present. For example "?acl", "?location", "?logging", or "?torrent"];

CanonicalizedAmzHeaders = <described below>

Another requirement is that "Date" header should always be set, and should be in a compliant format such as "EEE, dd MMM yyyy HH:mm:ss ".

The above two items are easy to do in Java, but not easy to do in BPEL, thus in the sample project we are creating, we use a EJB webservice as a helper library for BPEL to accomplish these two tasks.

See Figures below:



Basically, the flow sequence is as follows"

  1. BPEL process is triggered by a HTTP client via HTTPBC
  2. BPEL calls EJB-WS to ask for the current Date, and saves it in a variable
  3. BPEL calls EJB-WS to calculate the message signature of this request, and saves it in a variable
  4. BPEL use HTTPBC to do a GET operation on a URL, populating all the required Http headers
  5. BPEL returns the GET response body to the HTTP client

See picture below on how to populate the HTTP headers in BPEL mapper:


To see how the sample project is built, download it from Note: to run it you have to replace the "secretAccessKey" in the BPEL file with your own secretAccessKey.


  • POST: as described above, POST operation is not really used in AmazonWS, PUT is the equivalent of POST here.
  • PUT: it is not currently supported by HTTPBC. It is supported by JAXWS, however, there seems to be a few problems with content-types, see issue tracked at bottom of the page.
  • DELETE: it is not currently supported by HTTPBC.
  • HEAD: it is not currently supported by HTTPBC.

Issues filed:

JSPWiki v2.4.100
« Home Index Changes Prefs
This page (revision-2) was last changed on 06-Nov-08 17:41 PM, -0800 by Edward Chou