使用临时URL进行授权访问
临时授权访问是指通过访问密钥、请求方法类型、请求参数等信息生成一个临时访问权限的URL,这个URL中会包含鉴权信息,您可以使用该URL进行访问OBS服务进行特定操作。在生成URL时,您需要指定URL的有效期。所有继承OBSBaseRequest的子类都能使用临时鉴权访问。
临时授权访问支持的操作以及相关信息见下表:
操作名 | OBS iOS SDK类名 |
|---|---|
创建桶 | OBSCreateBucketRequest |
获取桶列表 | OBSListBucketsRequest |
删除桶 | OBSDeleteBucketRequest |
列举桶内对象 | OBSListObjectsRequest |
列举桶内多版本对象 | OBSListObjectsVersionsRequest |
列举分段上传任务 | OBSListMultipartUploadsRequest |
获取桶元数据 | OBSGetBucketMetaDataRequest |
获取桶区域位置 | OBSGetBucketMetaDataRequest |
获取桶存量信息 | OBSGetBucketStorageInfoRequest |
设置桶配额 | OBSSetBucketQuotaRequest |
获取桶配额 | OBSGetBucketQuotaRequest |
设置桶ACL | OBSSetBucketACLWithCannedACLRequest、OBSSetBucketACLWithPolicyRequest |
获取桶ACL | OBSGetBucketACLRequest |
开启/关闭桶日志 | OBSSetBucketLoggingRequest |
查看桶日志 | OBSGetBucketLoggingRequest |
设置桶策略 | OBSSetBucketPolicyRequest、OBSSetBucketPolicyWithStringRequest |
查看桶策略 | OBSGetBucketPolicyRequest |
删除桶策略 | OBSDeleteBucketPolicyRequest |
设置生命周期规则 | OBSSetBucketLifecycleRequest |
查看生命周期规则 | OBSGetBucketLifecycleRequest |
删除生命周期规则 | OBSDeleteBucketLifecycleRequest |
设置托管配置 | OBSSetBucketWebsiteRequest |
查看托管配置 | OBSGetBucketWebsiteRequest |
清除托管配置 | OBSDeleteBucketWebsiteRequest |
设置桶多版本状态 | OBSSetBucketVersioningRequest |
查看桶多版本状态 | OBSGetBucketVersioningRequest |
设置跨域规则 | OBSSetBucketCORSRequest |
查看跨域规则 | OBSGetBucketCORSRequest |
删除跨域规则 | OBSDeleteBucketCORSRequest |
OPTIONS桶 | OBSOptionsBucketRequest |
设置桶标签 | OBSSetBucketTaggingRequest |
查看桶标签 | OBSGetBucketTaggingRequest |
删除桶标签 | OBSDeleteBucketTaggingRequest |
上传对象 | OBSPutObjectWithDataRequest、OBSPutObjectWithFileRequest |
追上上传 | OBSAppendObjectWithFileRequest |
下载对象 | OBSGetObjectToDataRequest |
复制对象 | OBSCopyObjectRequest |
删除对象 | OBSDeleteObjectRequest |
批量删除对象 | OBSDeleteObjectsRequest |
获取对象属性 | OBSGetObjectMetaDataRequest |
设置对象ACL | OBSSetObjectACLRequest |
查看对象ACL | OBSGetObjectACLRequest |
初始化分段上传任务 | OBSInitiateMultipartUploadRequest |
上传段 | OBSUploadPartWithDataRequest |
复制段 | OBSCopyPartRequest |
列举已上传的段 | OBSListPartsRequest |
合并段 | OBSCompleteMultipartUploadRequest |
取消分段上传任务 | OBSAbortMultipartUploadRequest |
OPTIONS对象 | OBSOptionsObjectRequest |
恢复归档存储对象 | OBSRestoreObjectRequest |
您可以通过createV2PreSignedURL生成授权访问的临时URL。以下代码展示了如何生成常用操作的URL:
列举对象
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
// 初始化身份验证
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
//初始化服务配置
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
// 初始化client
client = [[OBSClient alloc] initWithConfiguration:conf];
OBSListObjectsRequest *request = [[OBSListObjectsRequest alloc] initWithBucketName:@"bucketname"];
// V2生成授权访问url
[client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) {
NSLog(@"%@",urlString);
}] 获取对象
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
// 初始化身份验证
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
//初始化服务配置
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
// 初始化client
client = [[OBSClient alloc] initWithConfiguration:conf];
OBSGetObjectToDataRequest *request = [[OBSGetObjectToDataRequest alloc] initWithBucketName:@"bucketname" objectKey:@"objectkey"];
// V2生成授权访问url
[client createV2PreSignedURL:request expireAfter:3600 completionHandler:^(NSString *urlString, NSString *httpVerb, NSDictionary *signedHeaders) {
NSLog(@"%@",urlString);
}] 
