apache · fmorg-git · Mar 17, 2026
diff --git a/...e/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/signature/AWSSignatureProcessor.java b/...e/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/signature/AWSSignatureProcessor.java
@@ -48,6 +48,7 @@
 import org.apache.hadoop.ozone.audit.AuditMessage;
 import org.apache.hadoop.ozone.s3.HeaderPreprocessor;
 import org.apache.hadoop.ozone.s3.exception.OS3Exception;
+import org.apache.hadoop.ozone.s3.exception.OSTSException;
 import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
 import org.apache.hadoop.ozone.s3.signature.SignatureInfo.Version;
 import org.apache.hadoop.ozone.s3.util.AuditUtils;
@@ -209,7 +210,8 @@ private byte[] readAllBytes(InputStream in) throws OS3Exception, IOException {
     int n;
     while ((n = in.read(chunk)) != -1) {
       if (totalRead + n > OZONE_S3G_STS_PAYLOAD_HASH_MAX_VALUE) {
-        throw PAYLOAD_TOO_LARGE;
+        throw new OSTSException(
+            PAYLOAD_TOO_LARGE.getCode(), PAYLOAD_TOO_LARGE.getErrorMessage(), PAYLOAD_TOO_LARGE.getHttpCode());
       }
       buffer.write(chunk, 0, n);
       totalRead += n;

diff --git a/...ateway/src/main/java/org/apache/hadoop/ozone/s3sts/S3STSEnabledEndpointRequestFilter.java b/...ateway/src/main/java/org/apache/hadoop/ozone/s3sts/S3STSEnabledEndpointRequestFilter.java
@@ -31,7 +31,7 @@
 /**
  * Filter that disables all endpoints annotated with {@link S3STSEnabled}.
  * Condition is based on the value of the configuration key
- * ozone.s3g.s3sts.http.enabled.
+ * ozone.s3g.sts.http.enabled.
  */
 @S3STSEnabled
 @Provider

diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3sts/S3STSEndpoint.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3sts/S3STSEndpoint.java
@@ -90,6 +90,17 @@ public class S3STSEndpoint extends S3STSEndpointBase {
   private static final String UNSUPPORTED_OPERATION = "UnsupportedOperation";
   private static final String MALFORMED_POLICY_DOCUMENT = "MalformedPolicyDocument";
 
+  // JAXBContext is relatively expensive to create and is threadsafe, so cache and reuse
+  private static final JAXBContext JAXB_CONTEXT;
+
+  static {
+    try {
+      JAXB_CONTEXT = JAXBContext.newInstance(S3AssumeRoleResponseXml.class);
+    } catch (JAXBException e) {
+      throw new RuntimeException("Failed to initialize JAXBContext: " + e, e);
+    }
+  }
+
   @Inject
   private RequestIdentifier requestIdentifier;
 
@@ -330,8 +341,7 @@ private String generateAssumeRoleResponse(String assumedRoleUserArn, AssumeRoleR
       meta.setRequestId(requestId);
       response.setResponseMetadata(meta);
 
-      final JAXBContext jaxbContext = JAXBContext.newInstance(S3AssumeRoleResponseXml.class);
-      final Marshaller marshaller = jaxbContext.createMarshaller();
+      final Marshaller marshaller = JAXB_CONTEXT.createMarshaller();
       marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
       final StringWriter stringWriter = new StringWriter();
       marshaller.marshal(response, stringWriter);