更新时间:2024-06-21 GMT+08:00

使用临时URL进行授权访问

开发过程中,您有任何问题可以在github上提交issue接口参考文档详细介绍了每个接口的参数和使用方法。

OBS客户端支持通过访问密钥、请求方法类型、请求参数等信息生成一个在Query参数中携带鉴权信息的URL,可将该URL提供给其他用户进行临时访问。在生成URL时,您需要指定URL的有效期来限制访客用户的访问时长。

如果您想授予其他用户对桶或对象临时进行其他操作的权限(例如上传或下载对象),则需要生成带对应请求的URL后(例如使用生成PUT请求的URL上传对象),将该URL提供给其他用户。

通过该方式可支持的操作以及相关信息见下表:

操作名

HTTP请求方法(OBS Android SDK对应值)

特殊操作符(OBS Android SDK对应值)

是否需要桶名

是否需要对象名

创建桶

HttpMethodEnum.PUT

N/A

获取桶列表

HttpMethodEnum.GET

N/A

删除桶

HttpMethodEnum.DELETE

N/A

列举桶内对象

HttpMethodEnum.GET

N/A

列举桶内多版本对象

HttpMethodEnum.GET

SpecialParamEnum.VERSIONS

列举分段上传任务

HttpMethodEnum.GET

SpecialParamEnum.UPLOADS

获取桶元数据

HttpMethodEnum.HEAD

N/A

获取桶区域位置

HttpMethodEnum.GET

SpecialParamEnum.LOCATION

获取桶存量信息

HttpMethodEnum.GET

SpecialParamEnum.STORAGEINFO

设置桶配额

HttpMethodEnum.PUT

SpecialParamEnum.QUOTA

获取桶配额

HttpMethodEnum.GET

SpecialParamEnum.QUOTA

设置桶存储类型

HttpMethodEnum.PUT

SpecialParamEnum.STORAGEPOLICY

获取桶存储类型

HttpMethodEnum.GET

SpecialParamEnum.STORAGEPOLICY

设置桶访问权限

HttpMethodEnum.PUT

SpecialParamEnum.ACL

获取桶访问权限

HttpMethodEnum.GET

SpecialParamEnum.ACL

开启/关闭桶日志

HttpMethodEnum.PUT

SpecialParamEnum.LOGGING

查看桶日志

HttpMethodEnum.GET

SpecialParamEnum.LOGGING

设置桶策略

HttpMethodEnum.PUT

SpecialParamEnum.POLICY

查看桶策略

HttpMethodEnum.GET

SpecialParamEnum.POLICY

删除桶策略

HttpMethodEnum.DELETE

SpecialParamEnum.POLICY

设置生命周期规则

HttpMethodEnum.PUT

SpecialParamEnum.LIFECYCLE

查看生命周期规则

HttpMethodEnum.GET

SpecialParamEnum.LIFECYCLE

删除生命周期规则

HttpMethodEnum.DELETE

SpecialParamEnum.LIFECYCLE

设置托管配置

HttpMethodEnum.PUT

SpecialParamEnum.WEBSITE

查看托管配置

HttpMethodEnum.GET

SpecialParamEnum.WEBSITE

清除托管配置

HttpMethodEnum.DELETE

SpecialParamEnum.WEBSITE

设置桶多版本状态

HttpMethodEnum.PUT

SpecialParamEnum.VERSIONING

查看桶多版本状态

HttpMethodEnum.GET

SpecialParamEnum.VERSIONING

设置跨域规则

HttpMethodEnum.PUT

SpecialParamEnum.CORS

查看跨域规则

HttpMethodEnum.GET

SpecialParamEnum.CORS

删除跨域规则

HttpMethodEnum.DELETE

SpecialParamEnum.CORS

设置桶标签

HttpMethodEnum.PUT

SpecialParamEnum.TAGGING

查看桶标签

HttpMethodEnum.GET

SpecialParamEnum.TAGGING

删除桶标签

HttpMethodEnum.DELETE

SpecialParamEnum.TAGGING

上传对象

HttpMethodEnum.PUT

N/A

追加上传

HttpMethodEnum.POST

SpecialParamEnum.APPEND

下载对象

HttpMethodEnum.GET

N/A

复制对象

HttpMethodEnum.PUT

N/A

删除对象

HttpMethodEnum.DELETE

N/A

批量删除对象

HttpMethodEnum.POST

SpecialParamEnum.DELETE

获取对象属性

HttpMethodEnum.HEAD

N/A

设置对象访问权限

HttpMethodEnum.PUT

SpecialParamEnum.ACL

查看对象访问权限

HttpMethodEnum.GET

SpecialParamEnum.ACL

初始化分段上传任务

HttpMethodEnum.POST

SpecialParamEnum.UPLOADS

上传段

HttpMethodEnum.PUT

N/A

复制段

HttpMethodEnum.PUT

N/A

列举已上传的段

HttpMethodEnum.GET

N/A

合并段

HttpMethodEnum.POST

N/A

取消分段上传任务

HttpMethodEnum.DELETE

N/A

恢复归档存储对象

HttpMethodEnum.POST

SpecialParamEnum.RESTORE

通过OBS Android SDK生成临时URL访问OBS的步骤如下:

  1. 通过ObsClient.createTemporarySignature生成带签名信息的URL。
  2. 使用任意HTTP库发送HTTP/HTTPS请求,访问OBS服务。

如果遇到跨域报错、签名不匹配问题,请参考以下步骤排查问题:

  1. 未配置跨域,需要在控制台配置CORS规则,请参考配置桶允许跨域请求
  2. 签名计算问题,请参考URL中携带签名排查签名参数是否正确;比如上传对象功能,后端将Content-Type参与计算签名生成授权URL,但是前端使用授权URL时没有设置Content-Type字段或者传入错误的值,此时会出现跨域错误。解决方案为:Content-Type字段前后端保持一致。

以下代码展示了如何使用临时URL进行授权访问,包括:创建桶、上传对象、下载对象、列举对象、删除对象。

创建桶

// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;

TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Creating bucket using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());

Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
       builder.header(entry.getKey(), entry.getValue());
}
// 使用PUT请求创建桶
String location = "your bucket location";
Request httpRequest = builder.url(response.getSignedUrl()).put(RequestBody.create(null, "<CreateBucketConfiguration><LocationConstraint>" + location + "</LocationConstraint></CreateBucketConfiguration>".getBytes())).build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
              .cache(null).build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
       Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();

上传对象

// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;

Map<String, String> headers = new HashMap<String, String>();
String contentType = "text/plain";
headers.put("Content-Type", contentType);

TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
request.setHeaders(headers);

TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Creating object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
       builder.header(entry.getKey(), entry.getValue());
}

//使用PUT请求上传对象
Request httpRequest = builder.url(response.getSignedUrl()).put(RequestBody.create(MediaType.parse(contentType), "Hello OBS".getBytes("UTF-8"))).build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
              .cache(null).build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
       Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();

下载对象

// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;


TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");

TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Getting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
       builder.header(entry.getKey(), entry.getValue());
}

//使用GET请求下载对象
Request httpRequest = builder.url(response.getSignedUrl()).get().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
              .cache(null).build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
       Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();

列举对象

// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;


TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");

TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Getting object list using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
       builder.header(entry.getKey(), entry.getValue());
}

//使用GET请求获取对象列表
Request httpRequest = builder.url(response.getSignedUrl()).get().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
              .cache(null).build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
       Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();

删除对象

// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;


TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.DELETE, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");

TemporarySignatureResponse response = obsClient.createTemporarySignature(request);

Log.i("CreateTemporarySignature", "Deleting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
       builder.header(entry.getKey(), entry.getValue());
}

//使用DELETE删除对象
Request httpRequest = builder.url(response.getSignedUrl()).delete().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
              .cache(null).build();

Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
       Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();

HttpMethodEnum是OBS Android SDK定义的枚举类型,代表请求方法类型。