aws · zoewangg · Oct 28, 2025 · zoewangg · Nov 6, 2025 · zoewangg
@@ -196,9 +196,9 @@ private static List<SignerPropertyValueProvider> propertiesFromConstants(SigV4Si
         return properties;
     }
 
-    private static SignerPropertyValueProvider from(String name,
-                                                    Supplier<Object> valueSupplier,
-                                                    Class<? extends AwsV4FamilyHttpSigner> containingClass) {
+    static SignerPropertyValueProvider from(String name,
+                                            Supplier<Object> valueSupplier,
+                                            Class<? extends AwsV4FamilyHttpSigner> containingClass) {
         return SignerPropertyValueProvider.builder()
                                           .containingClass(containingClass)
                                           .fieldName(name)

@@ -89,12 +89,6 @@ private static SigV4SignerDefaults sigv4Default() {
      *     <li>{@code payloadSigningEnabled(false)}
      * </ul>
      * <p>
-     * Also overrides for the following operations
-     *
-     * <ul>
-     *     <li>{@code UploadParts} Sets the defaults and also {@code chunkEncodingEnabled(true)}</li>
-     *     <li>{@code PutObject} Sets the defaults and also {@code chunkEncodingEnabled(true)}</li>
-     * </ul>
      */
     private static SigV4SignerDefaults s3Defaults() {
         return sigv4Default()
@@ -104,26 +98,6 @@ private static SigV4SignerDefaults s3Defaults() {
             .doubleUrlEncode(Boolean.FALSE)
             .normalizePath(Boolean.FALSE)
             .payloadSigningEnabled(Boolean.FALSE)
-            .putOperation("UploadPart",
-                          sigv4Default()
-                              .toBuilder()
-                              // Default S3 signer properties
-                              .doubleUrlEncode(Boolean.FALSE)
-                              .normalizePath(Boolean.FALSE)
-                              .payloadSigningEnabled(Boolean.FALSE)
-                              // Including chunkEncodingEnabled TRUE
-                              .chunkEncodingEnabled(Boolean.TRUE)
-                              .build())
-            .putOperation("PutObject",
-                          sigv4Default()
-                              .toBuilder()
-                              // Default S3 signer properties
-                              .doubleUrlEncode(Boolean.FALSE)
-                              .normalizePath(Boolean.FALSE)
-                              .payloadSigningEnabled(Boolean.FALSE)
-                              // Including chunkEncodingEnabled TRUE
-                              .chunkEncodingEnabled(Boolean.TRUE)
-                              .build())
             .build();
     }
 

@@ -15,9 +15,6 @@
 
 package software.amazon.awssdk.codegen.poet.auth.scheme;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.Objects;
 import software.amazon.awssdk.utils.Validate;
 
@@ -34,7 +31,6 @@ public final class SigV4SignerDefaults {
     private final Boolean normalizePath;
     private final Boolean payloadSigningEnabled;
     private final Boolean chunkEncodingEnabled;
-    private final Map<String, SigV4SignerDefaults> operations;
 
     private SigV4SignerDefaults(Builder builder) {
         this.service = builder.service;
@@ -44,7 +40,6 @@ private SigV4SignerDefaults(Builder builder) {
         this.normalizePath = builder.normalizePath;
         this.payloadSigningEnabled = builder.payloadSigningEnabled;
         this.chunkEncodingEnabled = builder.chunkEncodingEnabled;
-        this.operations = Collections.unmodifiableMap(new HashMap<>(builder.operations));
     }
 
     public boolean isServiceOverrideAuthScheme() {
@@ -79,10 +74,6 @@ public Boolean chunkEncodingEnabled() {
         return chunkEncodingEnabled;
     }
 
-    public Map<String, SigV4SignerDefaults> operations() {
-        return operations;
-    }
-
     public Builder toBuilder() {
         return new Builder(this);
     }
@@ -116,10 +107,8 @@ public boolean equals(Object o) {
         if (!Objects.equals(payloadSigningEnabled, defaults.payloadSigningEnabled)) {
             return false;
         }
-        if (!Objects.equals(chunkEncodingEnabled, defaults.chunkEncodingEnabled)) {
-            return false;
-        }
-        return operations.equals(defaults.operations);
+
+        return Objects.equals(chunkEncodingEnabled, defaults.chunkEncodingEnabled);
     }
 
     @Override
@@ -131,7 +120,6 @@ public int hashCode() {
         result = 31 * result + (normalizePath != null ? normalizePath.hashCode() : 0);
         result = 31 * result + (payloadSigningEnabled != null ? payloadSigningEnabled.hashCode() : 0);
         result = 31 * result + (chunkEncodingEnabled != null ? chunkEncodingEnabled.hashCode() : 0);
-        result = 31 * result + operations.hashCode();
         return result;
     }
 
@@ -148,8 +136,6 @@ public static class Builder {
         private Boolean payloadSigningEnabled;
         private Boolean chunkEncodingEnabled;
 
-        private Map<String, SigV4SignerDefaults> operations = new HashMap<>();
-
         public Builder() {
         }
 
@@ -161,7 +147,6 @@ public Builder(SigV4SignerDefaults other) {
             this.normalizePath = other.normalizePath;
             this.payloadSigningEnabled = other.payloadSigningEnabled;
             this.chunkEncodingEnabled = other.chunkEncodingEnabled;
-            this.operations.putAll(other.operations);
         }
 
         public String service() {
@@ -227,15 +212,6 @@ public Builder chunkEncodingEnabled(Boolean chunkEncodingEnabled) {
             return this;
         }
 
-        public Map<String, SigV4SignerDefaults> operations() {
-            return operations;
-        }
-
-        public Builder putOperation(String name, SigV4SignerDefaults constants) {
-            this.operations.put(name, constants);
-            return this;
-        }
-
         public SigV4SignerDefaults build() {
             return new SigV4SignerDefaults(this);
         }

@@ -439,16 +439,39 @@ public static IntermediateModel serviceWithH2UsePriorKnowledgeForH2() {
         return new IntermediateModelBuilder(models).build();
     }
 
-    public static IntermediateModel serviceMiniS3() {
+    public static IntermediateModel serviceS3() {
         File serviceModel =
-            new File(ClientTestModels.class.getResource("client/c2j/mini-s3/service-2.json").getFile());
+            new File(ClientTestModels.class.getResource("client/c2j/s3-test/service-2.json").getFile());
         File customizationModel =
-            new File(ClientTestModels.class.getResource("client/c2j/mini-s3/customization.config")
+            new File(ClientTestModels.class.getResource("client/c2j/s3-test/customization.config")
                                            .getFile());
+        File endpointRuleSet = new File(ClientTestModels.class.getResource("client/c2j/s3-test"
+                                                                + "/endpoint-rule-set.json")
+                                                   .getFile());
         C2jModels models = C2jModels
             .builder()
             .serviceModel(getServiceModel(serviceModel))
             .customizationConfig(getCustomizationConfig(customizationModel))
+            .endpointRuleSetModel(getEndpointRuleSet(endpointRuleSet))
+            .build();
+
+        return new IntermediateModelBuilder(models).build();
+    }
+
+    public static IntermediateModel serviceS3Control() {
+        File serviceModel =
+            new File(ClientTestModels.class.getResource("client/c2j/s3control-test/service-2.json").getFile());
+        File customizationModel =
+            new File(ClientTestModels.class.getResource("client/c2j/s3control-test/customization.config")
+                                           .getFile());
+        File endpointRuleSet = new File(ClientTestModels.class.getResource("client/c2j/s3control-test"
+                                                                           + "/endpoint-rule-set.json")
+                                                              .getFile());
+        C2jModels models = C2jModels
+            .builder()
+            .serviceModel(getServiceModel(serviceModel))
+            .customizationConfig(getCustomizationConfig(customizationModel))
+            .endpointRuleSetModel(getEndpointRuleSet(endpointRuleSet))
             .build();
 
         return new IntermediateModelBuilder(models).build();

@@ -161,11 +161,24 @@ static List<TestCase> parameters() {
                     .caseName("ops-with-no-auth")
                     .outputFileSuffix("default-provider")
                     .build(),
-            // Service with signature version with the same value as S3
+            // S3
             TestCase.builder()
-                    .modelProvider(ClientTestModels::serviceMiniS3)
+                    .modelProvider(ClientTestModels::serviceS3)
+                    .classSpecProvider(EndpointBasedAuthSchemeProviderSpec::new)
+                    .caseName("s3-test")
+                    .outputFileSuffix("default-provider")
+                    .build(),
+            TestCase.builder()
+                    .modelProvider(ClientTestModels::serviceS3)
                     .classSpecProvider(ModelBasedAuthSchemeProviderSpec::new)
-                    .caseName("mini-s3")
+                    .caseName("s3-test")
+                    .outputFileSuffix("fallback-provider")
+                    .build(),
+            // S3 control
+            TestCase.builder()
+                    .modelProvider(ClientTestModels::serviceS3Control)
+                    .classSpecProvider(ModelBasedAuthSchemeProviderSpec::new)
+                    .caseName("s3control-test")
                     .outputFileSuffix("default-provider")
                     .build(),
             TestCase.builder()
@@ -227,6 +240,13 @@ static List<TestCase> parameters() {
                     .classSpecProvider(AuthSchemeInterceptorSpec::new)
                     .caseName("env-bearer-token")
                     .outputFileSuffix("interceptor")
+                    .build(),
+            // Rest Json service with checksum
+            TestCase.builder()
+                    .modelProvider(ClientTestModels::restJsonServiceModels)
+                    .classSpecProvider(ModelBasedAuthSchemeProviderSpec::new)
+                    .caseName("rest-json-checksum")
+                    .outputFileSuffix("provider")
                     .build()
         );
     }

@@ -0,0 +1,52 @@
+package software.amazon.awssdk.services.json.auth.scheme.internal;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import software.amazon.awssdk.annotations.Generated;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
+import software.amazon.awssdk.services.json.auth.scheme.JsonAuthSchemeParams;
+import software.amazon.awssdk.services.json.auth.scheme.JsonAuthSchemeProvider;
+
+@Generated("software.amazon.awssdk:codegen")
+@SdkInternalApi
+public final class DefaultJsonAuthSchemeProvider implements JsonAuthSchemeProvider {
+    private static final DefaultJsonAuthSchemeProvider DEFAULT = new DefaultJsonAuthSchemeProvider();
+
+    private DefaultJsonAuthSchemeProvider() {
+    }
+
+    public static DefaultJsonAuthSchemeProvider create() {
+        return DEFAULT;
+    }
+
+    @Override
+    public List<AuthSchemeOption> resolveAuthScheme(JsonAuthSchemeParams params) {
+        List<AuthSchemeOption> options = new ArrayList<>();
+        switch (params.operation()) {
+            case "BearerAuthOperation":
+                options.add(AuthSchemeOption.builder().schemeId("smithy.api#httpBearerAuth").build());
+                break;
+            case "StreamingInputOutputOperation":
+                options.add(AuthSchemeOption.builder().schemeId("aws.auth#sigv4")
+                                            .putSignerProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, "json-service")
+                                            .putSignerProperty(AwsV4HttpSigner.REGION_NAME, params.region().id())
+                                            .putSignerProperty(AwsV4HttpSigner.PAYLOAD_SIGNING_ENABLED, false).build());
+                break;
+            case "PutOperationWithChecksum":
+                options.add(AuthSchemeOption.builder().schemeId("aws.auth#sigv4")
+                                            .putSignerProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, "json-service")
+                                            .putSignerProperty(AwsV4HttpSigner.REGION_NAME, params.region().id())
+                                            .putSignerProperty(AwsV4HttpSigner.CHUNK_ENCODING_ENABLED, true).build());
+                break;
+            default:
+                options.add(AuthSchemeOption.builder().schemeId("aws.auth#sigv4")
+                                            .putSignerProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, "json-service")
+                                            .putSignerProperty(AwsV4HttpSigner.REGION_NAME, params.region().id()).build());
+                break;
+        }
+        return Collections.unmodifiableList(options);
+    }
+}