使用临时URL进行授权访问
OBS客户端支持通过访问密钥、请求方法类型、请求参数等信息生成一个在Query参数中携带鉴权信息的URL,可将该URL提供给其他用户进行临时访问。在生成URL时,您需要指定URL的有效期来限制访客用户的访问时长。
如果您想授予其他用户对桶或对象临时进行其他操作的权限(例如上传或下载对象),则需要生成带对应请求的URL后(例如使用生成PUT请求的URL上传对象),将该URL提供给其他用户。
通过该方式可支持的操作以及相关信息见下表:
操作名 | HTTP请求方法(OBS Android SDK对应值) | 特殊操作符(OBS Android SDK对应值) | 是否需要桶名 | 是否需要对象名 |
|---|---|---|---|---|
创建桶 | HttpMethodEnum.PUT | N/A | 是 | 否 |
获取桶列表 | HttpMethodEnum.GET | N/A | 否 | 否 |
删除桶 | HttpMethodEnum.DELETE | N/A | 是 | 否 |
列举桶内对象 | HttpMethodEnum.GET | N/A | 是 | 否 |
列举桶内多版本对象 | HttpMethodEnum.GET | SpecialParamEnum.VERSIONS | 是 | 否 |
列举分段上传任务 | HttpMethodEnum.GET | SpecialParamEnum.UPLOADS | 是 | 否 |
获取桶元数据 | HttpMethodEnum.HEAD | N/A | 是 | 否 |
获取桶区域位置 | HttpMethodEnum.GET | SpecialParamEnum.LOCATION | 是 | 否 |
获取桶存量信息 | HttpMethodEnum.GET | SpecialParamEnum.STORAGEINFO | 是 | 否 |
设置桶配额 | HttpMethodEnum.PUT | SpecialParamEnum.QUOTA | 是 | 否 |
获取桶配额 | HttpMethodEnum.GET | SpecialParamEnum.QUOTA | 是 | 否 |
设置桶存储类型 | HttpMethodEnum.PUT | SpecialParamEnum.STORAGEPOLICY | 是 | 否 |
获取桶存储类型 | HttpMethodEnum.GET | SpecialParamEnum.STORAGEPOLICY | 是 | 否 |
设置桶ACL | HttpMethodEnum.PUT | SpecialParamEnum.ACL | 是 | 否 |
获取桶ACL | HttpMethodEnum.GET | SpecialParamEnum.ACL | 是 | 否 |
开启/关闭桶日志 | HttpMethodEnum.PUT | SpecialParamEnum.LOGGING | 是 | 否 |
查看桶日志 | HttpMethodEnum.GET | SpecialParamEnum.LOGGING | 是 | 否 |
设置桶策略 | HttpMethodEnum.PUT | SpecialParamEnum.POLICY | 是 | 否 |
查看桶策略 | HttpMethodEnum.GET | SpecialParamEnum.POLICY | 是 | 否 |
删除桶策略 | HttpMethodEnum.DELETE | SpecialParamEnum.POLICY | 是 | 否 |
设置生命周期规则 | HttpMethodEnum.PUT | SpecialParamEnum.LIFECYCLE | 是 | 否 |
查看生命周期规则 | HttpMethodEnum.GET | SpecialParamEnum.LIFECYCLE | 是 | 否 |
删除生命周期规则 | HttpMethodEnum.DELETE | SpecialParamEnum.LIFECYCLE | 是 | 否 |
设置托管配置 | HttpMethodEnum.PUT | SpecialParamEnum.WEBSITE | 是 | 否 |
查看托管配置 | HttpMethodEnum.GET | SpecialParamEnum.WEBSITE | 是 | 否 |
清除托管配置 | HttpMethodEnum.DELETE | SpecialParamEnum.WEBSITE | 是 | 否 |
设置桶多版本状态 | HttpMethodEnum.PUT | SpecialParamEnum.VERSIONING | 是 | 否 |
查看桶多版本状态 | HttpMethodEnum.GET | SpecialParamEnum.VERSIONING | 是 | 否 |
设置跨域规则 | HttpMethodEnum.PUT | SpecialParamEnum.CORS | 是 | 否 |
查看跨域规则 | HttpMethodEnum.GET | SpecialParamEnum.CORS | 是 | 否 |
删除跨域规则 | HttpMethodEnum.DELETE | SpecialParamEnum.CORS | 是 | 否 |
设置桶标签 | HttpMethodEnum.PUT | SpecialParamEnum.TAGGING | 是 | 否 |
查看桶标签 | HttpMethodEnum.GET | SpecialParamEnum.TAGGING | 是 | 否 |
删除桶标签 | HttpMethodEnum.DELETE | SpecialParamEnum.TAGGING | 是 | 否 |
上传对象 | HttpMethodEnum.PUT | N/A | 是 | 是 |
追加上传 | HttpMethodEnum.POST | SpecialParamEnum.APPEND | 是 | 是 |
下载对象 | HttpMethodEnum.GET | N/A | 是 | 是 |
复制对象 | HttpMethodEnum.PUT | N/A | 是 | 是 |
删除对象 | HttpMethodEnum.DELETE | N/A | 是 | 是 |
批量删除对象 | HttpMethodEnum.POST | SpecialParamEnum.DELETE | 是 | 是 |
获取对象属性 | HttpMethodEnum.HEAD | N/A | 是 | 是 |
设置对象ACL | HttpMethodEnum.PUT | SpecialParamEnum.ACL | 是 | 是 |
查看对象ACL | HttpMethodEnum.GET | SpecialParamEnum.ACL | 是 | 是 |
初始化分段上传任务 | HttpMethodEnum.POST | SpecialParamEnum.UPLOADS | 是 | 是 |
上传段 | HttpMethodEnum.PUT | N/A | 是 | 是 |
复制段 | HttpMethodEnum.PUT | N/A | 是 | 是 |
列举已上传的段 | HttpMethodEnum.GET | N/A | 是 | 是 |
合并段 | HttpMethodEnum.POST | N/A | 是 | 是 |
取消分段上传任务 | HttpMethodEnum.DELETE | N/A | 是 | 是 |
恢复归档存储对象 | HttpMethodEnum.POST | SpecialParamEnum.RESTORE | 是 | 是 |
通过OBS Android SDK生成临时URL访问OBS的步骤如下:
- 通过ObsClient.createTemporarySignature生成带签名信息的URL。
- 使用任意HTTP库发送HTTP/HTTPS请求,访问OBS服务。
以下代码展示了如何使用临时URL进行授权访问,包括:创建桶、上传对象、下载对象、列举对象、删除对象。
创建桶
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Creating bucket using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
// 使用PUT请求创建桶
String location = "your bucket location";
Request httpRequest = builder.url(response.getSignedUrl()).put(RequestBody.create(null, "<CreateBucketConfiguration><LocationConstraint>" + location + "</LocationConstraint></CreateBucketConfiguration>".getBytes())).build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close(); 上传对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
Map<String, String> headers = new HashMap<String, String>();
String contentType = "text/plain";
headers.put("Content-Type", contentType);
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.PUT, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
request.setHeaders(headers);
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Creating object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用PUT请求上传对象
Request httpRequest = builder.url(response.getSignedUrl()).put(RequestBody.create(MediaType.parse(contentType), "Hello OBS".getBytes("UTF-8"))).build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close(); 下载对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Getting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用GET请求下载对象
Request httpRequest = builder.url(response.getSignedUrl()).get().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close(); 列举对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.GET, expireSeconds);
request.setBucketName("bucketname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Getting object list using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用GET请求获取对象列表
Request httpRequest = builder.url(response.getSignedUrl()).get().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close(); 删除对象
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY_ID。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// 创建ObsClient实例
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
// URL有效期,3600秒
long expireSeconds = 3600L;
TemporarySignatureRequest request = new TemporarySignatureRequest(HttpMethodEnum.DELETE, expireSeconds);
request.setBucketName("bucketname");
request.setObjectKey("objectname");
TemporarySignatureResponse response = obsClient.createTemporarySignature(request);
Log.i("CreateTemporarySignature", "Deleting object using temporary signature url:");
Log.i("CreateTemporarySignature", "\t" + response.getSignedUrl());
Request.Builder builder = new Request.Builder();
for (Map.Entry<String, String> entry : response.getActualSignedRequestHeaders().entrySet()) {
builder.header(entry.getKey(), entry.getValue());
}
//使用DELETE删除对象
Request httpRequest = builder.url(response.getSignedUrl()).delete().build();
OkHttpClient httpClient = new OkHttpClient.Builder().followRedirects(false).retryOnConnectionFailure(false)
.cache(null).build();
Call c = httpClient.newCall(httpRequest);
Response res = c.execute();
Log.i("CreateTemporarySignature", "\tStatus:" + res.code());
if (res.body() != null) {
Log.i("CreateTemporarySignature", "\tContent:" + res.body().string() + "\n");
}
res.close(); 
HttpMethodEnum是OBS Android SDK定义的枚举类型,代表请求方法类型。
