
授权访问

更新时间:2017-08-11 10:49:02   分享:   

使用STS服务临时授权

OSS可以通过阿里云STS服务,临时进行授权访问。使用STS时请按以下步骤进行:

  1. 在官网控制台创建子账号,参考OSS STS
  2. 在官网控制台创建STS角色并赋予子账号扮演角色的权限,参考OSS STS
  3. 使用子账号的AccessKeyId/AccessKeySecret向STS申请临时token(该步骤应在受信任的服务端执行,子账号的长期AccessKey不要下发到客户端)
  4. 使用临时token中的认证信息创建OSS的Client
  5. 使用OSS的Client访问OSS服务

使用STS凭证构造签名请求

用户的client端拿到STS临时凭证后,通过其中安全令牌(SecurityToken)以及临时访问密钥(AccessKeyId, AccessKeySecret)生成oss_request_options。以上传文件为例:

  /*
   * Upload an in-memory buffer to OSS with temporary STS credentials.
   *
   * Every quoted "<...>" value is a placeholder. The temporary AccessKeyId,
   * AccessKeySecret and SecurityToken belong together as one STS credential;
   * supply them at runtime from the STS response instead of compiling them
   * into the binary. Temporary credentials expire, so a long-running client
   * needs fresh ones before it creates new request options.
   */
  aos_pool_t *pool;
  oss_request_options_t *options;
  aos_status_t *s;
  aos_table_t *headers, *resp_headers;
  aos_string_t bucket, object;
  aos_list_t buffer;
  aos_buf_t *content;
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *data = "<object content>";

  /* Everything below is allocated from this pool and released with it. */
  aos_pool_create(&pool, NULL);

  /* Create the request options and initialise them from the STS token. */
  options = oss_request_options_create(pool);
  options->config = oss_config_create(options->pool);
  options->config->is_cname = 0;
  aos_str_set(&options->config->endpoint, "<您的Endpoint>");
  aos_str_set(&options->config->access_key_id, "<您的临时AccessKeyId>");
  aos_str_set(&options->config->access_key_secret, "<您的临时AccessKeySecret>");
  /* sts_token carries the SecurityToken issued with the temporary key pair. */
  aos_str_set(&options->config->sts_token, "<您的sts_token>");
  options->ctl = aos_http_controller_create(options->pool, 0);

  /* Request parameters: target bucket/object, headers, and the body list. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  headers = aos_table_make(pool, 0);
  aos_list_init(&buffer);
  content = aos_buf_pack(options->pool, data, strlen(data));
  aos_list_add_tail(&content->node, &buffer);

  /* Upload the buffer and report the outcome. */
  s = oss_put_object_from_buffer_s(options, &bucket, &object, &buffer, headers, &resp_headers);
  if (!aos_status_is_ok(s)) {
      printf("put object failed\n");
  } else {
      printf("put object succeeded\n");
  }

  aos_pool_destroy(pool);

URL签名授权

可以通过生成签名URL的形式提供给用户一个临时的访问URL。在生成URL时,可以指定URL过期的时间,从而限制用户长时间访问。签名URL本身即是访问凭证:在过期之前,任何持有该URL的人都可以按签名时指定的方法访问对应的object,因此过期时间应尽量短,并避免将URL写入日志或通过不受保护的渠道传播。

生成签名url

通过oss_gen_signed_url接口生成请求url签名。

生成下载请求的url签名

  /*
   * Generate a signed URL that allows an HTTP GET on one object for an hour.
   *
   * The URL is a bearer credential: whoever holds it can download the object
   * until expire_time. It is printed here for demonstration only.
   */
  aos_pool_t *pool;
  oss_request_options_t *options;
  aos_http_request_t *req;
  aos_string_t bucket, object;
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *url_str;
  int64_t expire_time;
  int one_hour = 3600; /* validity period, in seconds */

  aos_pool_create(&pool, NULL);

  /* Create the request options; init_options() fills in endpoint and keys. */
  options = oss_request_options_create(pool);
  init_options(options);

  /* Request parameters: target bucket/object and the method being signed. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  req = aos_http_request_create(pool);
  req->method = HTTP_GET;

  /*
   * apr_time_now() returns microseconds since the epoch, so dividing by
   * 1000000 gives seconds; expire_time is an absolute timestamp in seconds.
   */
  expire_time = apr_time_now() / 1000000 + one_hour;

  /* Generate the signed URL. */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
  printf("临时下载url:%s\n", url_str);

  /* url_str is presumably pool-allocated; do not use it after this point. */
  aos_pool_destroy(pool);

生成上传文件请求的url签名:

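  /*
   * Generate a signed URL that allows an HTTP PUT to one object for an hour.
   *
   * The URL is a bearer credential: whoever holds it can overwrite the object
   * until expire_time. It is printed here for demonstration only.
   */
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_http_request_t *req;
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  aos_string_t bucket;
  aos_string_t object;
  apr_time_t now;
  int64_t expire_time;
  int one_hour = 3600; /* validity period, in seconds */
  char *url_str = NULL;

  aos_pool_create(&p, NULL);

  /* Create and initialise the request options. */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters: target bucket/object and the method being signed. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  req = aos_http_request_create(p);
  req->method = HTTP_PUT;

  /* apr_time_now() is in microseconds; expire_time is in seconds. */
  now = apr_time_now();
  expire_time = now / 1000000 + one_hour;

  /* Generate the signed URL (the original call had a stray '(' and did not compile). */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
  printf("临时上传url:%s\n", url_str);

  aos_pool_destroy(p);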

使用签名URL下载文件

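  /*
   * Download an object to a local file through a signed URL.
   *
   * The URL is signed for HTTP GET and is valid until expire_time; anyone
   * holding it can fetch the object during that window.
   */
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_http_request_t *req;
  aos_status_t *s; /* was used below without being declared */
  aos_table_t *headers;
  aos_table_t *resp_headers;
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *filepath = "<本地文件路径>";
  aos_string_t bucket;
  aos_string_t object;
  aos_string_t file;
  char *url_str;
  apr_time_t now;
  int64_t expire_time;
  int one_hour = 3600; /* validity period, in seconds */

  aos_pool_create(&p, NULL);

  /* Create and initialise the request options. */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters: bucket/object, destination file, headers, method. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  aos_str_set(&file, filepath);
  headers = aos_table_make(p, 0);
  req = aos_http_request_create(p);
  req->method = HTTP_GET;

  /* apr_time_now() is in microseconds; expire_time is in seconds. */
  now = apr_time_now();
  expire_time = now / 1000000 + one_hour;

  /* Generate the signed URL. */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);

  /* Download the object to the local file using the signed URL. */
  s = oss_get_object_to_file_by_url(options, url_str, headers, &file, &resp_headers);
  if (aos_status_is_ok(s)) {
      printf("get object succeeded\n");
  } else {
      printf("get object failed\n");
  }

  aos_pool_destroy(p);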

使用URL签名的方式上传文件

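  /*
   * Upload a local file to an object through a signed URL.
   *
   * The URL is signed for HTTP PUT and is valid until expire_time; anyone
   * holding it can write to the object during that window.
   */
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_http_request_t *req;
  aos_status_t *s; /* was used below without being declared */
  aos_table_t *headers;
  aos_table_t *resp_headers;
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *filepath = "<本地文件路径>";
  aos_string_t bucket;
  aos_string_t object;
  aos_string_t file;
  char *url_str;
  apr_time_t now;
  int64_t expire_time;
  int one_hour = 3600; /* validity period, in seconds */

  /* The unused local is_oss_domain from the original listing is dropped. */
  aos_pool_create(&p, NULL);

  /* Create and initialise the request options. */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters: bucket/object, source file, headers, method. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  aos_str_set(&file, filepath);
  headers = aos_table_make(p, 0);
  req = aos_http_request_create(p);
  req->method = HTTP_PUT;

  /* apr_time_now() is in microseconds; expire_time is in seconds. */
  now = apr_time_now();
  expire_time = now / 1000000 + one_hour;

  /* Generate the signed URL. */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);

  /* Upload the local file using the signed URL. */
  s = oss_put_object_from_file_by_url(options, url_str, &file, headers, &resp_headers);
  if (aos_status_is_ok(s)) {
      printf("put objects by signed url succeeded\n");
  } else {
      printf("put objects by signed url failed\n");
  }

  aos_pool_destroy(p);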