Configuring BPA for a Bucket (SDK for Java)
Function
This API creates or modifies the public access block configuration of an OBS bucket by enabling or disabling the feature.

If you have any questions during development, post them on the Issues page of GitHub.
Restrictions
- To configure BPA for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketPublicAccessBlock in IAM or PutBucketPublicAccessBlock in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
- The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
- If public access block is enabled, existing public access permissions are ignored and new public access permissions cannot be configured. If public access block is disabled, existing public access permissions continue to apply and new public access permissions can be configured.
- By default, BPA is disabled for new POSIX buckets but is enabled for new object buckets.
Method
obsClient.putBucketPublicAccessBlock(PutBucketPublicAccessBlockRequest request)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
request |
Yes |
Explanation: Request parameters for setting PublicAccessBlock for a bucket. For details, see Table 2. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
bucketName |
String |
Yes |
Explanation: Bucket name. Restrictions:
Default value: None |
bucketPublicAccessBlock |
No |
Explanation: PublicAccessBlock configuration of a bucket Restrictions: None Value range: None Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
blockPublicAcls |
Boolean |
No |
Explanation: Whether to block public ACLs. If this parameter is set to True, objects cannot be uploaded when the request includes a public ACL. Requests for modifying bucket or object ACLs fail if the requests include public ACLs. Restrictions: None Value range:
Default value: None |
ignorePublicAcls |
Boolean |
No |
Explanation: Whether to ignore public ACLs. If this parameter is set to True, the public ACL does not take effect during OpenAPI permissions checks. Restrictions: None Value range:
Default value: None |
blockPublicPolicy |
Boolean |
No |
Explanation: Whether to block the public policy. If this parameter is set to True, OBS rejects calls to modify bucket policies if the specified bucket policy allows public access. Restrictions: None Value range:
Default value: None |
restrictPublicBuckets |
Boolean |
No |
Explanation: Whether to restrict account access. If this parameter is set to True, only cloud service accounts and this account can access the bucket if a public bucket policy is found during the OpenAPI permissions check. Restrictions: None Value range:
Default value: None |
Responses
Parameter |
Type |
Description |
---|---|---|
statusCode |
int |
Explanation: HTTP status code. Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
responseHeaders |
Map<String, Object> |
Explanation: HTTP response header list, composed of tuples. In a tuple, the String key indicates the name of the header, and the Object value indicates the value of the header. Default value: None |
Code Examples
import com.obs.services.ObsClient; import com.obs.services.exception.ObsException; import com.obs.services.model.bpa.BucketPublicAccessBlock; import com.obs.services.model.bpa.PutBucketPublicAccessBlockRequest; import java.util.Map; public class PutBucketPublicAccessBlockDemo { public static void main(String[] args) { // Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. // Obtain an AK/SK pair on the management console. String ak = System.getenv("ACCESS_KEY_ID"); String sk = System.getenv("SECRET_ACCESS_KEY_ID"); // (Optional) If you are using a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. // Obtain an AK/SK pair and a security token using environment variables or import them in other ways. // String securityToken = System.getenv("SECURITY_TOKEN"); // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one currently in use. String endPoint = "https://obs.ap-southeast-1.myhuaweicloud.com"; // Obtain an endpoint using environment variables or import it in other ways. // String endPoint = System.getenv("ENDPOINT"); // Create an ObsClient instance. // Use a permanent AK/SK pair to initialize the client. ObsClient obsClient = new ObsClient(ak, sk,endPoint); // Use a temporary AK/SK pair and security token to initialize the client. // ObsClient obsClient = new ObsClient(ak, sk, securityToken, endPoint); try { String bucketName = "example-bucket-name"; BucketPublicAccessBlock bucketPublicAccessBlock = new BucketPublicAccessBlock(); bucketPublicAccessBlock.setBlockPublicPolicy(false); PutBucketPublicAccessBlockRequest putBucketPublicAccessBlockRequest = new PutBucketPublicAccessBlockRequest(bucketName,bucketPublicAccessBlock); obsClient.putBucketPublicAccessBlock(putBucketPublicAccessBlockRequest); System.out.println("PutBucketPublicAccessBlock successfully"); } catch (ObsException e) { System.out.println("PutBucketPublicAccessBlock failed"); // Request failed. Print the HTTP status code. System.out.println("HTTP Code:" + e.getResponseCode()); // Request failed. Print the server-side error code. System.out.println("Error Code:" + e.getErrorCode()); // Request failed. Print the error details. System.out.println("Error Message:" + e.getErrorMessage()); // Request failed. Print the request ID. System.out.println("Request ID:" + e.getErrorRequestId()); System.out.println("Host ID:" + e.getErrorHostId()); Map<String, String> headers = e.getResponseHeaders();// Check Map entries and print all headers associated with the error. if(headers != null){ for (Map.Entry<String, String> header : headers.entrySet()) { System.out.println(header.getKey()+":"+header.getValue()); } } e.printStackTrace(); } catch (Exception e) { System.out.println("PutBucketPublicAccessBlock failed"); // Print other error details. e.printStackTrace(); } } }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot