使用临时URL进行授权访问
临时授权访问是指通过访问密钥、请求方法类型、请求参数等信息生成一个临时访问权限的URL,这个URL中会包含鉴权信息,您可以使用该URL进行访问OBS服务进行特定操作。在生成URL时,您需要指定URL的有效期。所有继承OBSBaseRequest的子类都能使用临时鉴权访问。
临时授权访问支持的操作以及相关信息见下表:
|
操作名 |
OBS iOS SDK类名 |
|---|---|
|
创建桶 |
OBSCreateBucketRequest |
|
获取桶列表 |
OBSListBucketsRequest |
|
删除桶 |
OBSDeleteBucketRequest |
|
列举桶内对象 |
OBSListObjectsRequest |
|
列举桶内多版本对象 |
OBSListObjectsVersionsRequest |
|
列举分段上传任务 |
OBSListMultipartUploadsRequest |
|
获取桶元数据 |
OBSGetBucketMetaDataRequest |
|
获取桶区域位置 |
OBSGetBucketMetaDataRequest |
|
获取桶存量信息 |
OBSGetBucketStorageInfoRequest |
|
设置桶配额 |
OBSSetBucketQuotaRequest |
|
获取桶配额 |
OBSGetBucketQuotaRequest |
|
设置桶访问权限 |
OBSSetBucketACLWithCannedACLRequest、OBSSetBucketACLWithPolicyRequest |
|
获取桶访问权限 |
OBSGetBucketACLRequest |
|
开启/关闭桶日志 |
OBSSetBucketLoggingRequest |
|
查看桶日志 |
OBSGetBucketLoggingRequest |
|
设置桶策略 |
OBSSetBucketPolicyRequest、OBSSetBucketPolicyWithStringRequest |
|
查看桶策略 |
OBSGetBucketPolicyRequest |
|
删除桶策略 |
OBSDeleteBucketPolicyRequest |
|
设置生命周期规则 |
OBSSetBucketLifecycleRequest |
|
查看生命周期规则 |
OBSGetBucketLifecycleRequest |
|
删除生命周期规则 |
OBSDeleteBucketLifecycleRequest |
|
设置托管配置 |
OBSSetBucketWebsiteRequest |
|
查看托管配置 |
OBSGetBucketWebsiteRequest |
|
清除托管配置 |
OBSDeleteBucketWebsiteRequest |
|
设置桶多版本状态 |
OBSSetBucketVersioningRequest |
|
查看桶多版本状态 |
OBSGetBucketVersioningRequest |
|
设置跨域规则 |
OBSSetBucketCORSRequest |
|
查看跨域规则 |
OBSGetBucketCORSRequest |
|
删除跨域规则 |
OBSDeleteBucketCORSRequest |
|
OPTIONS桶 |
OBSOptionsBucketRequest |
|
设置桶标签 |
OBSSetBucketTaggingRequest |
|
查看桶标签 |
OBSGetBucketTaggingRequest |
|
删除桶标签 |
OBSDeleteBucketTaggingRequest |
|
上传对象 |
OBSPutObjectWithDataRequest、OBSPutObjectWithFileRequest |
|
追上上传 |
OBSAppendObjectWithFileRequest |
|
下载对象 |
OBSGetObjectToDataRequest |
|
复制对象 |
OBSCopyObjectRequest |
|
删除对象 |
OBSDeleteObjectRequest |
|
批量删除对象 |
OBSDeleteObjectsRequest |
|
获取对象属性 |
OBSGetObjectMetaDataRequest |
|
设置对象访问权限 |
OBSSetObjectACLRequest |
|
查看对象访问权限 |
OBSGetObjectACLRequest |
|
初始化分段上传任务 |
OBSInitiateMultipartUploadRequest |
|
上传段 |
OBSUploadPartWithDataRequest |
|
复制段 |
OBSCopyPartRequest |
|
列举已上传的段 |
OBSListPartsRequest |
|
合并段 |
OBSCompleteMultipartUploadRequest |
|
取消分段上传任务 |
OBSAbortMultipartUploadRequest |
|
OPTIONS对象 |
OBSOptionsObjectRequest |
|
恢复归档存储对象 |
OBSRestoreObjectRequest |
您可以通过createV2PreSignedURL生成授权访问的临时URL。以下代码展示了如何生成常用操作的URL:
列举对象
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
// 初始化身份验证
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
//初始化服务配置
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
// 初始化client
client = [[OBSClient alloc] initWithConfiguration:conf];
OBSListObjectsRequest *request = [[OBSListObjectsRequest alloc] initWithBucketName:@"bucketname"];
// V2生成授权访问url
[client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) {
NSLog(@"%@",urlString);
}]
获取对象
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
// 初始化身份验证
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
//初始化服务配置
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
// 初始化client
client = [[OBSClient alloc] initWithConfiguration:conf];
OBSGetObjectToDataRequest *request = [[OBSGetObjectToDataRequest alloc] initWithBucketName:@"bucketname" objectKey:@"objectkey"];
// V2生成授权访问url
[client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) {
NSLog(@"%@",urlString);
}]
