Don't attempt to use empty session tokens (#2633)

Bennett-Lynch · web-flow · commit a3fc4b483c22 · 2021-07-31T11:12:05.000-07:00
* Don't attempt to use empty session tokens

An empty session token would never be valid. In the case that certain
environmental conditions may produce an empty session token (rather
than null), don't attempt to use it.
diff --git a/.changes/next-release/bugfix-AWSSDKforJavav2-64dd59e.json b/.changes/next-release/bugfix-AWSSDKforJavav2-64dd59e.json
@@ -0,0 +1,6 @@
+{
+    "category": "AWS SDK for Java v2", 
+    "contributor": "", 
+    "type": "bugfix", 
+    "description": "Don't attempt to use empty session tokens"
+}
diff --git a/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/SystemSettingsCredentialsProvider.java b/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/SystemSettingsCredentialsProvider.java
@@ -49,7 +49,7 @@ public AwsCredentials resolveCredentials() {
         String secretKey = trim(loadSetting(SdkSystemSetting.AWS_SECRET_ACCESS_KEY).orElse(null));
         String sessionToken = trim(loadSetting(SdkSystemSetting.AWS_SESSION_TOKEN).orElse(null));
 
-        if (StringUtils.isEmpty(accessKey)) {
+        if (StringUtils.isBlank(accessKey)) {
             throw SdkClientException.builder()
                                     .message(String.format("Unable to load credentials from system settings. Access key must be" +
                                              " specified either via environment variable (%s) or system property (%s).",
@@ -58,7 +58,7 @@ public AwsCredentials resolveCredentials() {
                                     .build();
         }
 
-        if (StringUtils.isEmpty(secretKey)) {
+        if (StringUtils.isBlank(secretKey)) {
             throw SdkClientException.builder()
                                     .message(String.format("Unable to load credentials from system settings. Secret key must be" +
                                              " specified either via environment variable (%s) or system property (%s).",
@@ -67,8 +67,8 @@ public AwsCredentials resolveCredentials() {
                                     .build();
         }
 
-        return sessionToken == null ? AwsBasicCredentials.create(accessKey, secretKey)
-                                    : AwsSessionCredentials.create(accessKey, secretKey, sessionToken);
+        return StringUtils.isBlank(sessionToken) ? AwsBasicCredentials.create(accessKey, secretKey)
+                                                 : AwsSessionCredentials.create(accessKey, secretKey, sessionToken);
     }
 
     /**
