使用临时URL进行授权访问
临时授权访问是指通过访问密钥、请求方法类型、请求参数等信息生成一个临时访问权限的URL,这个URL中会包含鉴权信息,您可以使用该URL进行访问OBS服务进行特定操作。在生成URL时,您需要指定URL的有效期。所有继承OBSBaseRequest的子类都能使用临时鉴权访问。
临时授权访问支持的操作以及相关信息见下表:
操作名 |
OBS iOS SDK类名 |
---|---|
创建桶 |
OBSCreateBucketRequest |
获取桶列表 |
OBSListBucketsRequest |
删除桶 |
OBSDeleteBucketRequest |
列举桶内对象 |
OBSListObjectsRequest |
列举桶内多版本对象 |
OBSListObjectsVersionsRequest |
列举分段上传任务 |
OBSListMultipartUploadsRequest |
获取桶元数据 |
OBSGetBucketMetaDataRequest |
获取桶区域位置 |
OBSGetBucketMetaDataRequest |
获取桶存量信息 |
OBSGetBucketStorageInfoRequest |
设置桶配额 |
OBSSetBucketQuotaRequest |
获取桶配额 |
OBSGetBucketQuotaRequest |
设置桶访问权限 |
OBSSetBucketACLWithCannedACLRequest、OBSSetBucketACLWithPolicyRequest |
获取桶访问权限 |
OBSGetBucketACLRequest |
开启/关闭桶日志 |
OBSSetBucketLoggingRequest |
查看桶日志 |
OBSGetBucketLoggingRequest |
设置桶策略 |
OBSSetBucketPolicyRequest、OBSSetBucketPolicyWithStringRequest |
查看桶策略 |
OBSGetBucketPolicyRequest |
删除桶策略 |
OBSDeleteBucketPolicyRequest |
设置生命周期规则 |
OBSSetBucketLifecycleRequest |
查看生命周期规则 |
OBSGetBucketLifecycleRequest |
删除生命周期规则 |
OBSDeleteBucketLifecycleRequest |
设置托管配置 |
OBSSetBucketWebsiteRequest |
查看托管配置 |
OBSGetBucketWebsiteRequest |
清除托管配置 |
OBSDeleteBucketWebsiteRequest |
设置桶多版本状态 |
OBSSetBucketVersioningRequest |
查看桶多版本状态 |
OBSGetBucketVersioningRequest |
设置跨域规则 |
OBSSetBucketCORSRequest |
查看跨域规则 |
OBSGetBucketCORSRequest |
删除跨域规则 |
OBSDeleteBucketCORSRequest |
OPTIONS桶 |
OBSOptionsBucketRequest |
设置桶标签 |
OBSSetBucketTaggingRequest |
查看桶标签 |
OBSGetBucketTaggingRequest |
删除桶标签 |
OBSDeleteBucketTaggingRequest |
上传对象 |
OBSPutObjectWithDataRequest、OBSPutObjectWithFileRequest |
追上上传 |
OBSAppendObjectWithFileRequest |
下载对象 |
OBSGetObjectToDataRequest |
复制对象 |
OBSCopyObjectRequest |
删除对象 |
OBSDeleteObjectRequest |
批量删除对象 |
OBSDeleteObjectsRequest |
获取对象属性 |
OBSGetObjectMetaDataRequest |
设置对象访问权限 |
OBSSetObjectACLRequest |
查看对象访问权限 |
OBSGetObjectACLRequest |
初始化分段上传任务 |
OBSInitiateMultipartUploadRequest |
上传段 |
OBSUploadPartWithDataRequest |
复制段 |
OBSCopyPartRequest |
列举已上传的段 |
OBSListPartsRequest |
合并段 |
OBSCompleteMultipartUploadRequest |
取消分段上传任务 |
OBSAbortMultipartUploadRequest |
OPTIONS对象 |
OBSOptionsObjectRequest |
恢复归档存储对象 |
OBSRestoreObjectRequest |
您可以通过createV2PreSignedURL生成授权访问的临时URL。以下代码展示了如何生成常用操作的URL:
列举对象
static OBSClient *client; NSString *endPoint = @"your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html char* ak_env = getenv("AccessKeyID"); char* sk_env = getenv("SecretAccessKey"); NSString *AK = [NSString stringWithUTF8String:ak_env]; NSString *SK = [NSString stringWithUTF8String:sk_env]; // 初始化身份验证 OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK]; //初始化服务配置 OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider]; // 初始化client client = [[OBSClient alloc] initWithConfiguration:conf]; OBSListObjectsRequest *request = [[OBSListObjectsRequest alloc] initWithBucketName:@"bucketname"]; // V2生成授权访问url [client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) { NSLog(@"%@",urlString); }]
获取对象
static OBSClient *client; NSString *endPoint = @"your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html char* ak_env = getenv("AccessKeyID"); char* sk_env = getenv("SecretAccessKey"); NSString *AK = [NSString stringWithUTF8String:ak_env]; NSString *SK = [NSString stringWithUTF8String:sk_env]; // 初始化身份验证 OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK]; //初始化服务配置 OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider]; // 初始化client client = [[OBSClient alloc] initWithConfiguration:conf]; OBSGetObjectToDataRequest *request = [[OBSGetObjectToDataRequest alloc] initWithBucketName:@"bucketname" objectKey:@"objectkey"]; // V2生成授权访问url [client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) { NSLog(@"%@",urlString); }]