使用临时URL进行授权访问
OBS客户端支持通过访问密钥、请求方法类型、请求参数等信息生成一个在Query参数中携带鉴权信息的URL,可将该URL提供给其他用户进行临时访问。在生成URL时,您需要指定URL的有效期来限制访客用户的访问时长。
如果您想授予其他用户对桶或对象临时进行其他操作的权限(例如上传或下载对象),则需要生成带对应请求的URL后(例如使用生成PUT请求的URL上传对象),将该URL提供给其他用户。
通过该方式可支持的操作以及相关信息见下表:
|
操作名 |
HTTP请求方法(OBS Android SDK对应值) |
特殊操作符(OBS Android SDK对应值) |
是否需要桶名 |
是否需要对象名 |
|---|---|---|---|---|
|
创建桶 |
HttpMethodEnum.PUT |
N/A |
是 |
否 |
|
获取桶列表 |
HttpMethodEnum.GET |
N/A |
否 |
否 |
|
删除桶 |
HttpMethodEnum.DELETE |
N/A |
是 |
否 |
|
列举桶内对象 |
HttpMethodEnum.GET |
N/A |
是 |
否 |
|
列举桶内多版本对象 |
HttpMethodEnum.GET |
SpecialParamEnum.VERSIONS |
是 |
否 |
|
列举分段上传任务 |
HttpMethodEnum.GET |
SpecialParamEnum.UPLOADS |
是 |
否 |
|
获取桶元数据 |
HttpMethodEnum.HEAD |
N/A |
是 |
否 |
|
获取桶区域位置 |
HttpMethodEnum.GET |
SpecialParamEnum.LOCATION |
是 |
否 |
|
获取桶存量信息 |
HttpMethodEnum.GET |
SpecialParamEnum.STORAGEINFO |
是 |
否 |
|
设置桶配额 |
HttpMethodEnum.PUT |
SpecialParamEnum.QUOTA |
是 |
否 |
|
获取桶配额 |
HttpMethodEnum.GET |
SpecialParamEnum.QUOTA |
是 |
否 |
|
设置桶存储类型 |
HttpMethodEnum.PUT |
SpecialParamEnum.STORAGEPOLICY |
是 |
否 |
|
获取桶存储类型 |
HttpMethodEnum.GET |
SpecialParamEnum.STORAGEPOLICY |
是 |
否 |
|
设置桶ACL |
HttpMethodEnum.PUT |
SpecialParamEnum.ACL |
是 |
否 |
|
获取桶ACL |
HttpMethodEnum.GET |
SpecialParamEnum.ACL |
是 |
否 |
|
开启/关闭桶日志 |
HttpMethodEnum.PUT |
SpecialParamEnum.LOGGING |
是 |
否 |
|
查看桶日志 |
HttpMethodEnum.GET |
SpecialParamEnum.LOGGING |
是 |
否 |
|
设置桶策略 |
HttpMethodEnum.PUT |
SpecialParamEnum.POLICY |
是 |
否 |
|
查看桶策略 |
HttpMethodEnum.GET |
SpecialParamEnum.POLICY |
是 |
否 |
|
删除桶策略 |
HttpMethodEnum.DELETE |
SpecialParamEnum.POLICY |
是 |
否 |
|
设置生命周期规则 |
HttpMethodEnum.PUT |
SpecialParamEnum.LIFECYCLE |
是 |
否 |
|
查看生命周期规则 |
HttpMethodEnum.GET |
SpecialParamEnum.LIFECYCLE |
是 |
否 |
|
删除生命周期规则 |
HttpMethodEnum.DELETE |
SpecialParamEnum.LIFECYCLE |
是 |
否 |
|
设置托管配置 |
HttpMethodEnum.PUT |
SpecialParamEnum.WEBSITE |
是 |
否 |
|
查看托管配置 |
HttpMethodEnum.GET |
SpecialParamEnum.WEBSITE |
是 |
否 |
|
清除托管配置 |
HttpMethodEnum.DELETE |
SpecialParamEnum.WEBSITE |
是 |
否 |
|
设置桶多版本状态 |
HttpMethodEnum.PUT |
SpecialParamEnum.VERSIONING |
是 |
否 |
|
查看桶多版本状态 |
HttpMethodEnum.GET |
SpecialParamEnum.VERSIONING |
是 |
否 |
|
设置跨域规则 |
HttpMethodEnum.PUT |
SpecialParamEnum.CORS |
是 |
否 |
|
查看跨域规则 |
HttpMethodEnum.GET |
SpecialParamEnum.CORS |
是 |
否 |
|
删除跨域规则 |
HttpMethodEnum.DELETE |
SpecialParamEnum.CORS |
是 |
否 |
|
设置桶标签 |
HttpMethodEnum.PUT |
SpecialParamEnum.TAGGING |
是 |
否 |
|
查看桶标签 |
HttpMethodEnum.GET |
SpecialParamEnum.TAGGING |
是 |
否 |
|
删除桶标签 |
HttpMethodEnum.DELETE |
SpecialParamEnum.TAGGING |
是 |
否 |
|
上传对象 |
HttpMethodEnum.PUT |
N/A |
是 |
是 |
|
追加上传 |
HttpMethodEnum.POST |
SpecialParamEnum.APPEND |
是 |
是 |
|
下载对象 |
HttpMethodEnum.GET |
N/A |
是 |
是 |
|
复制对象 |
HttpMethodEnum.PUT |
N/A |
是 |
是 |
|
删除对象 |
HttpMethodEnum.DELETE |
N/A |
是 |
是 |
|
批量删除对象 |
HttpMethodEnum.POST |
SpecialParamEnum.DELETE |
是 |
是 |
|
获取对象属性 |
HttpMethodEnum.HEAD |
N/A |
是 |
是 |
|
设置对象ACL |
HttpMethodEnum.PUT |
SpecialParamEnum.ACL |
是 |
是 |
|
查看对象ACL |
HttpMethodEnum.GET |
SpecialParamEnum.ACL |
是 |
是 |
|
初始化分段上传任务 |
HttpMethodEnum.POST |
SpecialParamEnum.UPLOADS |
是 |
是 |
|
上传段 |
HttpMethodEnum.PUT |
N/A |
是 |
是 |
|
复制段 |
HttpMethodEnum.PUT |
N/A |
是 |
是 |
|
列举已上传的段 |
HttpMethodEnum.GET |
N/A |
是 |
是 |
|
合并段 |
HttpMethodEnum.POST |
N/A |
是 |
是 |
|
取消分段上传任务 |
HttpMethodEnum.DELETE |
N/A |
是 |
是 |
|
恢复归档存储对象 |
HttpMethodEnum.POST |
SpecialParamEnum.RESTORE |
是 |
是 |
通过OBS Android SDK生成临时URL访问OBS的步骤如下:
- 通过ObsClient.createTemporarySignature生成带签名信息的URL。
- 使用任意HTTP库发送HTTP/HTTPS请求,访问OBS服务。
以下代码展示了如何使用临时URL进行授权访问,包括:创建桶、上传对象、下载对象、列举对象、删除对象。
创建桶
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Creating bucket using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
// 使用PUT请求创建桶
String location = "your bucket location";
Request httpRequest = builder.url(response.getSignedUrl()).put(RequestBody.create(null, "<CreateBucketConfiguration><LocationConstraint>" + location + "</LocationConstraint></CreateBucketConfiguration>".getBytes())).build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
上传对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
Map<String, String> headers = new HashMap<String, String>();
String contentType = "text/plain";
headers.put("Content-Type", contentType);
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
request.setHeaders(headers);
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Creating object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用PUT请求上传对象
Request httpRequest = builder.url(response.getSignedUrl()).put(RequestBody.create(MediaType.parse(contentType), "Hello OBS".getBytes("UTF-8"))).build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
下载对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Getting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用GET请求下载对象
Request httpRequest = builder.url(response.getSignedUrl()).get().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
列举对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Getting object list using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用GET请求获取对象列表
Request httpRequest = builder.url(response.getSignedUrl()).get().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
删除对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.DELETE, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Deleting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用DELETE删除对象
Request httpRequest = builder.url(response.getSignedUrl()).delete().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close();
HttpMethodEnum是OBS Android SDK定义的枚举类型,代表请求方法类型。
