使用临时URL进行授权访问
临时授权访问是指通过访问密钥、请求方法类型、请求参数等信息生成一个临时访问权限的URL,这个URL中会包含鉴权信息,您可以使用该URL进行访问OBS服务进行特定操作。在生成URL时,您需要指定URL的有效期。所有继承OBSBaseRequest的子类都能使用临时鉴权访问。
临时授权访问支持的操作以及相关信息见下表:
| 操作名 | OBS iOS SDK类名 |
|---|---|
| 创建桶 | OBSCreateBucketRequest |
| 获取桶列表 | OBSListBucketsRequest |
| 删除桶 | OBSDeleteBucketRequest |
| 列举桶内对象 | OBSListObjectsRequest |
| 列举桶内多版本对象 | OBSListObjectsVersionsRequest |
| 列举分段上传任务 | OBSListMultipartUploadsRequest |
| 获取桶元数据 | OBSGetBucketMetaDataRequest |
| 获取桶区域位置 | OBSGetBucketMetaDataRequest |
| 获取桶存量信息 | OBSGetBucketStorageInfoRequest |
| 设置桶配额 | OBSSetBucketQuotaRequest |
| 获取桶配额 | OBSGetBucketQuotaRequest |
| 设置桶ACL | OBSSetBucketACLWithCannedACLRequest、OBSSetBucketACLWithPolicyRequest |
| 获取桶ACL | OBSGetBucketACLRequest |
| 开启/关闭桶日志 | OBSSetBucketLoggingRequest |
| 查看桶日志 | OBSGetBucketLoggingRequest |
| 设置桶策略 | OBSSetBucketPolicyRequest、OBSSetBucketPolicyWithStringRequest |
| 查看桶策略 | OBSGetBucketPolicyRequest |
| 删除桶策略 | OBSDeleteBucketPolicyRequest |
| 设置生命周期规则 | OBSSetBucketLifecycleRequest |
| 查看生命周期规则 | OBSGetBucketLifecycleRequest |
| 删除生命周期规则 | OBSDeleteBucketLifecycleRequest |
| 设置托管配置 | OBSSetBucketWebsiteRequest |
| 查看托管配置 | OBSGetBucketWebsiteRequest |
| 清除托管配置 | OBSDeleteBucketWebsiteRequest |
| 设置桶多版本状态 | OBSSetBucketVersioningRequest |
| 查看桶多版本状态 | OBSGetBucketVersioningRequest |
| 设置跨域规则 | OBSSetBucketCORSRequest |
| 查看跨域规则 | OBSGetBucketCORSRequest |
| 删除跨域规则 | OBSDeleteBucketCORSRequest |
| OPTIONS桶 | OBSOptionsBucketRequest |
| 设置桶标签 | OBSSetBucketTaggingRequest |
| 查看桶标签 | OBSGetBucketTaggingRequest |
| 删除桶标签 | OBSDeleteBucketTaggingRequest |
| 上传对象 | OBSPutObjectWithDataRequest、OBSPutObjectWithFileRequest |
| 追上上传 | OBSAppendObjectWithFileRequest |
| 下载对象 | OBSGetObjectToDataRequest |
| 复制对象 | OBSCopyObjectRequest |
| 删除对象 | OBSDeleteObjectRequest |
| 批量删除对象 | OBSDeleteObjectsRequest |
| 获取对象属性 | OBSGetObjectMetaDataRequest |
| 设置对象ACL | OBSSetObjectACLRequest |
| 查看对象ACL | OBSGetObjectACLRequest |
| 初始化分段上传任务 | OBSInitiateMultipartUploadRequest |
| 上传段 | OBSUploadPartWithDataRequest |
| 复制段 | OBSCopyPartRequest |
| 列举已上传的段 | OBSListPartsRequest |
| 合并段 | OBSCompleteMultipartUploadRequest |
| 取消分段上传任务 | OBSAbortMultipartUploadRequest |
| OPTIONS对象 | OBSOptionsObjectRequest |
| 恢复归档存储对象 | OBSRestoreObjectRequest |
您可以通过createV2PreSignedURL生成授权访问的临时URL。以下代码展示了如何生成常用操作的URL:
列举对象
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
// 初始化身份验证
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
//初始化服务配置
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
// 初始化client
client = [[OBSClient alloc] initWithConfiguration:conf];
OBSListObjectsRequest *request = [[OBSListObjectsRequest alloc] initWithBucketName:@"bucketname"];
// V2生成授权访问url
[client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) {
NSLog(@"%@",urlString);
}] 获取对象
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
// 初始化身份验证
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
//初始化服务配置
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
// 初始化client
client = [[OBSClient alloc] initWithConfiguration:conf];
OBSGetObjectToDataRequest *request = [[OBSGetObjectToDataRequest alloc] initWithBucketName:@"bucketname" objectKey:@"objectkey"];
// V2生成授权访问url
[client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) {
NSLog(@"%@",urlString);
}] 
