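Using a Temporary URL for Authorized Access
The OBS client can generate a URL that carries authentication information in its query parameters, based on the access key, request method type, request parameters, and other information. You can give this URL to other users for temporary access. When generating the URL, you must specify its validity period to limit how long the visitor can use it.
To grant other users temporary permission for other operations on a bucket or object (for example, uploading or downloading an object), generate a URL for the corresponding request (for example, a URL for a PUT request to upload an object) and give that URL to them.
The operations supported this way and the related information are listed in the following table: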
Operation | HTTP request method (OBS Android SDK value) | Special operator (OBS Android SDK value) | Bucket name required | Object name required |
---|---|---|---|---|
Create a bucket | HttpMethodEnum.PUT | N/A | Yes | No |
List buckets | HttpMethodEnum.GET | N/A | No | No |
Delete a bucket | HttpMethodEnum.DELETE | N/A | Yes | No |
List objects in a bucket | HttpMethodEnum.GET | N/A | Yes | No |
List object versions in a bucket | HttpMethodEnum.GET | SpecialParamEnum.VERSIONS | Yes | No |
List multipart upload tasks | HttpMethodEnum.GET | SpecialParamEnum.UPLOADS | Yes | No |
Get bucket metadata | HttpMethodEnum.HEAD | N/A | Yes | No |
Get bucket location | HttpMethodEnum.GET | SpecialParamEnum.LOCATION | Yes | No |
Get bucket storage information | HttpMethodEnum.GET | SpecialParamEnum.STORAGEINFO | Yes | No |
Set bucket quota | HttpMethodEnum.PUT | SpecialParamEnum.QUOTA | Yes | No |
Get bucket quota | HttpMethodEnum.GET | SpecialParamEnum.QUOTA | Yes | No |
Set bucket storage class | HttpMethodEnum.PUT | SpecialParamEnum.STORAGEPOLICY | Yes | No |
Get bucket storage class | HttpMethodEnum.GET | SpecialParamEnum.STORAGEPOLICY | Yes | No |
Set bucket ACL | HttpMethodEnum.PUT | SpecialParamEnum.ACL | Yes | No |
Get bucket ACL | HttpMethodEnum.GET | SpecialParamEnum.ACL | Yes | No |
Enable/disable bucket logging | HttpMethodEnum.PUT | SpecialParamEnum.LOGGING | Yes | No |
View bucket logging | HttpMethodEnum.GET | SpecialParamEnum.LOGGING | Yes | No |
Set bucket policy | HttpMethodEnum.PUT | SpecialParamEnum.POLICY | Yes | No |
View bucket policy | HttpMethodEnum.GET | SpecialParamEnum.POLICY | Yes | No |
Delete bucket policy | HttpMethodEnum.DELETE | SpecialParamEnum.POLICY | Yes | No |
Set lifecycle rules | HttpMethodEnum.PUT | SpecialParamEnum.LIFECYCLE | Yes | No |
View lifecycle rules | HttpMethodEnum.GET | SpecialParamEnum.LIFECYCLE | Yes | No |
Delete lifecycle rules | HttpMethodEnum.DELETE | SpecialParamEnum.LIFECYCLE | Yes | No |
Set website hosting configuration | HttpMethodEnum.PUT | SpecialParamEnum.WEBSITE | Yes | No |
View website hosting configuration | HttpMethodEnum.GET | SpecialParamEnum.WEBSITE | Yes | No |
Clear website hosting configuration | HttpMethodEnum.DELETE | SpecialParamEnum.WEBSITE | Yes | No |
Set bucket versioning status | HttpMethodEnum.PUT | SpecialParamEnum.VERSIONING | Yes | No |
View bucket versioning status | HttpMethodEnum.GET | SpecialParamEnum.VERSIONING | Yes | No |
Set CORS rules | HttpMethodEnum.PUT | SpecialParamEnum.CORS | Yes | No |
View CORS rules | HttpMethodEnum.GET | SpecialParamEnum.CORS | Yes | No |
Delete CORS rules | HttpMethodEnum.DELETE | SpecialParamEnum.CORS | Yes | No |
Set bucket tags | HttpMethodEnum.PUT | SpecialParamEnum.TAGGING | Yes | No |
View bucket tags | HttpMethodEnum.GET | SpecialParamEnum.TAGGING | Yes | No |
Delete bucket tags | HttpMethodEnum.DELETE | SpecialParamEnum.TAGGING | Yes | No |
Upload an object | HttpMethodEnum.PUT | N/A | Yes | Yes |
Append upload | HttpMethodEnum.POST | SpecialParamEnum.APPEND | Yes | Yes |
Download an object | HttpMethodEnum.GET | N/A | Yes | Yes |
Copy an object | HttpMethodEnum.PUT | N/A | Yes | Yes |
Delete an object | HttpMethodEnum.DELETE | N/A | Yes | Yes |
Batch delete objects | HttpMethodEnum.POST | SpecialParamEnum.DELETE | Yes | Yes |
Get object properties | HttpMethodEnum.HEAD | N/A | Yes | Yes |
Set object ACL | HttpMethodEnum.PUT | SpecialParamEnum.ACL | Yes | Yes |
View object ACL | HttpMethodEnum.GET | SpecialParamEnum.ACL | Yes | Yes |
Initiate a multipart upload task | HttpMethodEnum.POST | SpecialParamEnum.UPLOADS | Yes | Yes |
Upload a part | HttpMethodEnum.PUT | N/A | Yes | Yes |
Copy a part | HttpMethodEnum.PUT | N/A | Yes | Yes |
List uploaded parts | HttpMethodEnum.GET | N/A | Yes | Yes |
Merge parts | HttpMethodEnum.POST | N/A | Yes | Yes |
Cancel a multipart upload task | HttpMethodEnum.DELETE | N/A | Yes | Yes |
Restore an archived object | HttpMethodEnum.POST | SpecialParamEnum.RESTORE | Yes | Yes |
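To access OBS with a temporary URL generated by the OBS Android SDK:
- Call ObsClient.createTemporarySignature to generate a URL that carries signature information.
- Use any HTTP library to send an HTTP/HTTPS request to OBS.
The following code shows how to use temporary URLs for authorized access, covering: creating a bucket, uploading an object, downloading an object, listing objects, and deleting an object.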
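Create a bucket

```java
import android.util.Log;
import com.obs.services.ObsClient;
import com.obs.services.model.HttpMethodEnum;
import com.obs.services.model.TemporarySignatureRequest;
import com.obs.services.model.TemporarySignatureResponse;
import java.util.Map;
import okhttp3.Call;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a
// significant security risk. Store them encrypted in a configuration file or in environment
// variables and decrypt them when used. This example reads the AK and SK from environment
// variables; before running it, set ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID in your local environment.
// You can obtain the AK/SK from the access management console; see
// https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";

// Create an ObsClient instance
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

// URL validity period: 3600 seconds
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

// The signed URL authorizes this request for anyone who holds it until it expires;
// keep it out of logs in production builds.
Log.i("CreateTemporarySignature", "Creating bucket using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());

// Send the headers that were actually signed along with the request
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
    builder.header(entry.getKey(), entry.getValue());
}

// Create the bucket with a PUT request
String location = "your bucket location";
// Parenthesize the concatenation so getBytes() encodes the whole XML body,
// not only the last string literal.
Request httpRequest = builder.url(response.getSignedUrl())
        .put(RequestBody.create(null,
                ("<CreateBucketConfiguration><LocationConstraint>" + location
                        + "</LocationConstraint></CreateBucketConfiguration>").getBytes()))
        .build();

OkHttpClient httpClient = new OkHttpClient.Builder()
        .followRedirects(false)
        .retryOnConnectionFailure(false)
        .cache(null)
        .build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
    Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
```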
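Upload an object

```java
import android.util.Log;
import com.obs.services.ObsClient;
import com.obs.services.model.HttpMethodEnum;
import com.obs.services.model.TemporarySignatureRequest;
import com.obs.services.model.TemporarySignatureResponse;
import java.util.HashMap;
import java.util.Map;
import okhttp3.Call;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a
// significant security risk. Store them encrypted in a configuration file or in environment
// variables and decrypt them when used. This example reads the AK and SK from environment
// variables; before running it, set ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID in your local environment.
// You can obtain the AK/SK from the access management console; see
// https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";

// Create an ObsClient instance
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

// URL validity period: 3600 seconds
long expireSeconds = 3600L;

// Content-Type is included in the signed request, so the upload must send the same value
Map<String, String> headers = new HashMap<String, String>();
String contentType = "text/plain";
headers.put("Content-Type", contentType);

TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
request.setHeaders(headers);
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Creating object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());

// Send the headers that were actually signed along with the request
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
    builder.header(entry.getKey(), entry.getValue());
}

// Upload the object with a PUT request
Request httpRequest = builder.url(response.getSignedUrl())
        .put(RequestBody.create(MediaType.parse(contentType), "Hello OBS".getBytes("UTF-8")))
        .build();

OkHttpClient httpClient = new OkHttpClient.Builder()
        .followRedirects(false)
        .retryOnConnectionFailure(false)
        .cache(null)
        .build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
    Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
```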
Download an object

```java
import android.util.Log;
import com.obs.services.ObsClient;
import com.obs.services.model.HttpMethodEnum;
import com.obs.services.model.TemporarySignatureRequest;
import com.obs.services.model.TemporarySignatureResponse;
import java.util.Map;
import okhttp3.Call;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a
// significant security risk. Store them encrypted in a configuration file or in environment
// variables and decrypt them when used. This example reads the AK and SK from environment
// variables; before running it, set ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID in your local environment.
// You can obtain the AK/SK from the access management console; see
// https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";

// Create an ObsClient instance
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

// URL validity period: 3600 seconds
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Getting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());

// Send the headers that were actually signed along with the request
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
    builder.header(entry.getKey(), entry.getValue());
}

// Download the object with a GET request
Request httpRequest = builder.url(response.getSignedUrl()).get().build();

OkHttpClient httpClient = new OkHttpClient.Builder()
        .followRedirects(false)
        .retryOnConnectionFailure(false)
        .cache(null)
        .build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
    Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
```
List objects

```java
import android.util.Log;
import com.obs.services.ObsClient;
import com.obs.services.model.HttpMethodEnum;
import com.obs.services.model.TemporarySignatureRequest;
import com.obs.services.model.TemporarySignatureResponse;
import java.util.Map;
import okhttp3.Call;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a
// significant security risk. Store them encrypted in a configuration file or in environment
// variables and decrypt them when used. This example reads the AK and SK from environment
// variables; before running it, set ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID in your local environment.
// You can obtain the AK/SK from the access management console; see
// https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";

// Create an ObsClient instance
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

// URL validity period: 3600 seconds
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Getting object list using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());

// Send the headers that were actually signed along with the request
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
    builder.header(entry.getKey(), entry.getValue());
}

// Get the object list with a GET request
Request httpRequest = builder.url(response.getSignedUrl()).get().build();

OkHttpClient httpClient = new OkHttpClient.Builder()
        .followRedirects(false)
        .retryOnConnectionFailure(false)
        .cache(null)
        .build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
    Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
```
Delete an object

```java
import android.util.Log;
import com.obs.services.ObsClient;
import com.obs.services.model.HttpMethodEnum;
import com.obs.services.model.TemporarySignatureRequest;
import com.obs.services.model.TemporarySignatureResponse;
import java.util.Map;
import okhttp3.Call;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a
// significant security risk. Store them encrypted in a configuration file or in environment
// variables and decrypt them when used. This example reads the AK and SK from environment
// variables; before running it, set ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID in your local environment.
// You can obtain the AK/SK from the access management console; see
// https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";

// Create an ObsClient instance
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

// URL validity period: 3600 seconds
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.DELETE, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Deleting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());

// Send the headers that were actually signed along with the request
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
    builder.header(entry.getKey(), entry.getValue());
}

// Delete the object with a DELETE request
Request httpRequest = builder.url(response.getSignedUrl()).delete().build();

OkHttpClient httpClient = new OkHttpClient.Builder()
        .followRedirects(false)
        .retryOnConnectionFailure(false)
        .cache(null)
        .build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
    Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
```
HttpMethodEnum is an enumeration type defined by the OBS Android SDK that represents the request method type.
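
The table above includes bucket-level and permission-changing operations, so the code that hands out temporary URLs should sign only the requests it intends to delegate. The following is an added example, not part of the original page or the SDK: a hypothetical `ScopedUrlIssuer` wrapper that signs only object download and upload requests under one key prefix and caps the validity period. The class name, the 900-second cap and the prefix are assumptions chosen for illustration.

```java
import com.obs.services.ObsClient;
import com.obs.services.model.HttpMethodEnum;
import com.obs.services.model.TemporarySignatureRequest;
import com.obs.services.model.TemporarySignatureResponse;

import java.util.EnumSet;
import java.util.Set;

/** Hypothetical wrapper (not an SDK class): signs only narrowly scoped object requests. */
public final class ScopedUrlIssuer {
    // Assumed policy values; adjust them to your application's needs.
    private static final long MAX_EXPIRE_SECONDS = 900L;
    private static final Set<HttpMethodEnum> ALLOWED_METHODS =
            EnumSet.of(HttpMethodEnum.GET, HttpMethodEnum.PUT);

    private final ObsClient obsClient;
    private final String bucketName;
    private final String keyPrefix; // for example "shared/" (constructed value)

    public ScopedUrlIssuer(ObsClient obsClient, String bucketName, String keyPrefix) {
        this.obsClient = obsClient;
        this.bucketName = bucketName;
        this.keyPrefix = keyPrefix;
    }

    public TemporarySignatureResponse issue(HttpMethodEnum method, String objectKey,
                                            long expireSeconds) {
        if (!ALLOWED_METHODS.contains(method)) {
            throw new IllegalArgumentException("Method not allowed for temporary URLs: " + method);
        }
        // An object key is mandatory: per the table, GET or PUT without one is a
        // bucket-level request (list objects, create bucket).
        if (objectKey == null || !objectKey.startsWith(keyPrefix)
                || objectKey.length() == keyPrefix.length()) {
            throw new IllegalArgumentException("Object key is outside the delegated prefix");
        }
        if (expireSeconds <= 0 || expireSeconds > MAX_EXPIRE_SECONDS) {
            throw new IllegalArgumentException(
                    "Validity period must be between 1 and " + MAX_EXPIRE_SECONDS + " seconds");
        }
        TemporarySignatureRequest request = new TemporarySignatureRequest(method, expireSeconds);
        request.setBucketName(bucketName);
        request.setObjectKey(objectKey);
        // No special operator is set here, so this wrapper never signs ACL, policy
        // or other sub-resource requests listed in the table.
        return obsClient.createTemporarySignature(request);
    }
}
```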