生成预签名URL
API参考
- S3 API
- S3 API概述
- S3 API接口概览
- 服务器域名
- 签名认证
- 公共头定义
- 关于Service操作
- 关于Bucket操作
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- Delete Bucket InventoryConfiguration
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Get Bucket object lock configuration
- Get Bucket tagging
- Get Bucket accelerate
- Get Bucket InventoryConfiguration
- Head Bucket
- Get Bucket Logging
- List Multipart Uploads
- List Bucket InventoryConfigurations
- PUT Bucket notification
- Put Bucket
- Put Bucket cors
- Put Bucket ACL
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket object lock configuration
- Put Bucket tagging
- Put Bucket accelerate
- Put Bucket InventoryConfiguration
- Put Bucket Logging
- 关于Object操作
- Abort Multipart Upload
- Complete Multipart Upload
- Delete Multiple Objects
- Delete Object
- Get Object
- Get Object legal hold
- Get Object retention
- Get Object Tagging
- Head Object
- Initiate Multipart Upload
- List Parts
- Post Object
- Put Object
- Put Object Copy
- Put Object legal hold
- Put Object retention
- Put Object Tagging
- Upload Part
- Upload Part Copy
- Post Object Restore
- Select Object Content(公测)
- 错误响应
- 扩展接口
- 京东云OpenAPI
- 旧版OSS API 简介(不推荐)
产品文档
弹性计算
存储
数据库
网络与 CDN
容器与中间件
混合多云
安全
终端安全
域名安全
人工智能
AI工具服务
开发与运维
企业服务与云通信
大数据
区块链
区块链
对象存储
- 产品概览
- 产品公告
- 产品动态
- 产品简介
- 产品定价
- 入门指南
- 操作指南
- SDK文档
- 最佳实践
- 常见问题
- 用户协议
- API参考
- S3 API
- S3 API概述
- S3 API接口概览
- 服务器域名
- 签名认证
- 公共头定义
- 关于Service操作
- 关于Bucket操作
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- Delete Bucket InventoryConfiguration
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Get Bucket object lock configuration
- Get Bucket tagging
- Get Bucket accelerate
- Get Bucket InventoryConfiguration
- Head Bucket
- Get Bucket Logging
- List Multipart Uploads
- List Bucket InventoryConfigurations
- PUT Bucket notification
- Put Bucket
- Put Bucket cors
- Put Bucket ACL
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket object lock configuration
- Put Bucket tagging
- Put Bucket accelerate
- Put Bucket InventoryConfiguration
- Put Bucket Logging
- 关于Object操作
- Abort Multipart Upload
- Complete Multipart Upload
- Delete Multiple Objects
- Delete Object
- Get Object
- Get Object legal hold
- Get Object retention
- Get Object Tagging
- Head Object
- Initiate Multipart Upload
- List Parts
- Post Object
- Put Object
- Put Object Copy
- Put Object legal hold
- Put Object retention
- Put Object Tagging
- Upload Part
- Upload Part Copy
- Post Object Restore
- Select Object Content(公测)
- 错误响应
- 扩展接口
- 京东云OpenAPI
- 旧版OSS API 简介(不推荐)
- S3 API
- 文档发布历史记录
2024-11-19 08:36:42
生成预签名URL
适用场景
在默认情况下,存储桶和对象都是私有的。如果您希望第三方可以下载对象,又不希望对方使用 IAM 账户或临时密钥等方式时,您可以使用预签名 URL 的方式将签名提交给第三方,以供完成下载操作。收到有效预签名 URL 的任何人都可以下载对象。
预签名 URL 时,您可以在签名中设置将对象键包含在签名中,只允许下载指定的对象。您也可以在程序中指定预签名 URL 的有效时间,以保证超时后该 URL 不会被未授权方使用。
注意
-
由于访问 CDN 域名需要遵循 CDN 的鉴权过程,无法使用 OSS 签名,因此预签名 URL 不支持使用 CDN 域名。
-
建议用户使用临时密钥生成预签名,通过临时授权的方式进一步提高预签名上传、下载等请求的安全性。申请临时密钥时,请遵循 最小权限指引原则,防止泄露目标存储桶或对象之外的资源。
-
如果您一定要使用永久密钥来生成预签名,建议永久密钥的权限范围仅限于上传或下载操作,以规避风险。并且所生成的签名有效时长设置为完成本次上传或下载操作所需的最短期限,因为,当指定预签名 URL 的有效时间过期后,请求会中断;申请新的签名后,需要重新执行失败请求,不支持断点续传。
-
仅支持对单个对象进行预签名,不支持多个对象。
实现方式
1.配置依赖
在pom.xml中配置依赖的sdk,如下:
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId>
<version>1.11.490</version>
</dependency>
2.示例代码
生成带有签名的URL示例代码如下:
import java.net.URL;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.S3ClientOptions;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
public class GeneratePresignUrl {
static AmazonS3 createS3Client(String accessKey, String secretKey, String endpoint) {
System.setProperty(SDKGlobalConfiguration.ENABLE_S3_SIGV4_SYSTEM_PROPERTY, "true");
AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey,secretKey);
ClientConfiguration config = new ClientConfiguration();
config.setProtocol(Protocol.HTTP);
AmazonS3 s3 = new AmazonS3Client(awsCredentials,config);
s3.setEndpoint(endpoint);
S3ClientOptions options = new S3ClientOptions();
options.withChunkedEncodingDisabled(true); // Must have
s3.setS3ClientOptions(options);
return s3;
}
static public URL generatePresignUrl(String accessKey, String secretKey, String endpoint,String bucketName,String keyName) {
AmazonS3 s3 = createS3Client(accessKey,secretKey,endpoint);
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(bucketName, keyName).withMethod(HttpMethod.GET).withExpiration(getExpirationDate());
return s3.generatePresignedUrl(request);
}
public static Date getExpirationDate() {
// 设置预签名URL的有效期,例如设置为1小时
long expirationMillis = System.currentTimeMillis() + 3600000;
return new Date(expirationMillis);
}
static public void main(String [ ]str) {
final String accessKey = "<your accessKey>";
final String secretKey = "<your secretKey>";
final String endpoint = "<your endpoint>";
final String bucketName = "<your bucketname>";
final String keyName = "<your keyname>";
System.out.println(generatePresignUrl(accessKey, secretKey, endpoint, bucketName, keyName));
}
}
温馨提示
开始与售前顾问沟通
可直接拨打电话 400-098-8505转1
我们的产品专家为您找到最合适的产品/解决⽅案
在线咨询 5*8⼩时
点击咨询1v1线上咨询获取售前专业咨询
企微服务助手
专业产品顾问,随时随地沟通
提交反馈
您对本页面的整体评价?
非常不满意
非常满意
