使用OSS Java SDK生成GET方法的簽名URL
更新時間:
默認(rèn)情況下,OSS Bucket中的文件是私有的,僅文件擁有者可訪問。您可以使用OSS Java SDK生成帶有過期時間的GET方法簽名URL,以允許他人臨時下載文件。在有效期內(nèi)可多次訪問,超期后需重新生成。
注意事項
本文以華東1(杭州)外網(wǎng)Endpoint為例。如果您希望通過與OSS同地域的其他阿里云產(chǎn)品訪問OSS,請使用內(nèi)網(wǎng)Endpoint。關(guān)于OSS支持的Region與Endpoint的對應(yīng)關(guān)系,請參見OSS地域和訪問域名。
本文以從環(huán)境變量讀取訪問憑證為例。如何配置訪問憑證,請參見Java配置訪問憑證。
本文以OSS域名新建OSSClient為例。如果您希望通過自定義域名、STS等方式新建OSSClient,請參見新建OSSClient。
生成GET方法的簽名URL時,您必須具有
oss:GetObject權(quán)限。具體操作,請參見為RAM用戶授權(quán)自定義的權(quán)限策略。說明生成簽名URL過程中,SDK利用本地存儲的密鑰信息,根據(jù)特定算法計算出簽名(signature),然后將其附加到URL上,以確保URL的有效性和安全性。這一系列計算和構(gòu)造URL的操作都是在客戶端完成,不涉及網(wǎng)絡(luò)請求到服務(wù)端。因此,生成簽名URL時不需要授予調(diào)用者特定權(quán)限。但是,為避免第三方用戶無法對簽名URL授權(quán)的資源執(zhí)行相關(guān)操作,需要確保調(diào)用生成簽名URL接口的身份主體被授予對應(yīng)的權(quán)限。
本文以V4簽名URL為例,有效期最大為7天。更多信息,請參見簽名版本4(推薦)。
使用過程
使用簽名URL下載文件的過程如下:
代碼示例
文件擁有者生成GET方法的簽名URL。
import com.aliyun.oss.*; import com.aliyun.oss.common.auth.*; import com.aliyun.oss.common.comm.SignVersion; import java.net.URL; import java.util.Date; public class Demo { public static void main(String[] args) throws Throwable { // 以華東1(杭州)的外網(wǎng)Endpoint為例,其它Region請按實際情況填寫。 String endpoint = "https://oss-cn-hangzhou.aliyuncs.com"; // 從環(huán)境變量中獲取訪問憑證。運行本代碼示例之前,請確保已設(shè)置環(huán)境變量OSS_ACCESS_KEY_ID和OSS_ACCESS_KEY_SECRET。 EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider(); // 填寫Bucket名稱,例如examplebucket。 String bucketName = "examplebucket"; // 填寫Object完整路徑,例如exampleobject.txt。Object完整路徑中不能包含Bucket名稱。 String objectName = "exampleobject.txt"; // 填寫Bucket所在地域。以華東1(杭州)為例,Region填寫為cn-hangzhou。 String region = "cn-hangzhou"; // 創(chuàng)建OSSClient實例。 ClientBuilderConfiguration clientBuilderConfiguration = new ClientBuilderConfiguration(); clientBuilderConfiguration.setSignatureVersion(SignVersion.V4); OSS ossClient = OSSClientBuilder.create() .endpoint(endpoint) .credentialsProvider(credentialsProvider) .clientConfiguration(clientBuilderConfiguration) .region(region) .build(); try { // 設(shè)置簽名URL過期時間,單位為毫秒。本示例以設(shè)置過期時間為1小時為例。 Date expiration = new Date(new Date().getTime() + 3600 * 1000L); // 生成以GET方法訪問的簽名URL。本示例沒有額外請求頭,其他人可以直接通過瀏覽器訪問相關(guān)內(nèi)容。 URL url = ossClient.generatePresignedUrl(bucketName, objectName, expiration); System.out.println(url); } catch (OSSException oe) { System.out.println("Caught an OSSException, which means your request made it to OSS, " + "but was rejected with an error response for some reason."); System.out.println("Error Message:" + oe.getErrorMessage()); System.out.println("Error Code:" + oe.getErrorCode()); System.out.println("Request ID:" + oe.getRequestId()); System.out.println("Host ID:" + oe.getHostId()); } catch (ClientException ce) { System.out.println("Caught an ClientException, which means the client encountered " + "a serious internal problem while trying to communicate with OSS, " + "such as not being able to access the network."); System.out.println("Error Message:" + ce.getMessage()); } finally { if (ossClient != null) { ossClient.shutdown(); } } } }其他人使用GET方法的簽名URL下載文件。
curl
curl -SO "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********"Java
import java.io.BufferedInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URL; public class Demo { public static void main(String[] args) { // 替換為生成的GET方法的簽名URL。 String fileURL = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********"; // 填寫文件保存的目標(biāo)路徑,包括文件名和擴展名。 String savePath = "C:/downloads/myfile.txt"; try { downloadFile(fileURL, savePath); System.out.println("Download completed!"); } catch (IOException e) { System.err.println("Error during download: " + e.getMessage()); } } private static void downloadFile(String fileURL, String savePath) throws IOException { URL url = new URL(fileURL); HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); httpConn.setRequestMethod("GET"); // 檢查響應(yīng)代碼 int responseCode = httpConn.getResponseCode(); if (responseCode == HttpURLConnection.HTTP_OK) { // 輸入流 InputStream inputStream = new BufferedInputStream(httpConn.getInputStream()); // 輸出流 FileOutputStream outputStream = new FileOutputStream(savePath); byte[] buffer = new byte[4096]; // 緩沖區(qū) int bytesRead; while ((bytesRead = inputStream.read(buffer)) != -1) { outputStream.write(buffer, 0, bytesRead); } outputStream.close(); inputStream.close(); } else { System.out.println("No file to download. Server replied HTTP code: " + responseCode); } httpConn.disconnect(); } }Node.js
const https = require('https'); const fs = require('fs'); const fileURL = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********"; const savePath = "C:/downloads/myfile.txt"; https.get(fileURL, (response) => { if (response.statusCode === 200) { const fileStream = fs.createWriteStream(savePath); response.pipe(fileStream); fileStream.on('finish', () => { fileStream.close(); console.log("Download completed!"); }); } else { console.error(`Download failed. Server responded with code: ${response.statusCode}`); } }).on('error', (err) => { console.error("Error during download:", err.message); });Python
import requests file_url = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********" save_path = "C:/downloads/myfile.txt" try: response = requests.get(file_url, stream=True) if response.status_code == 200: with open(save_path, 'wb') as f: for chunk in response.iter_content(4096): f.write(chunk) print("Download completed!") else: print(f"No file to download. Server replied HTTP code: {response.status_code}") except Exception as e: print("Error during download:", e)Go
package main import ( "io" "net/http" "os" ) func main() { fileURL := "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********" savePath := "C:/downloads/myfile.txt" response, err := http.Get(fileURL) if err != nil { panic(err) } defer response.Body.Close() if response.StatusCode == http.StatusOK { outFile, err := os.Create(savePath) if err != nil { panic(err) } defer outFile.Close() _, err = io.Copy(outFile, response.Body) if err != nil { panic(err) } println("Download completed!") } else { println("No file to download. Server replied HTTP code:", response.StatusCode) } }JavaScript
const fileURL = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********"; const savePath = "C:/downloads/myfile.txt"; // 文件將在下載時使用的文件名 fetch(fileURL) .then(response => { if (!response.ok) { throw new Error(`Server replied HTTP code: ${response.status}`); } return response.blob(); // 將響應(yīng)轉(zhuǎn)換為 blob }) .then(blob => { const link = document.createElement('a'); link.href = window.URL.createObjectURL(blob); link.download = savePath; // 設(shè)置下載文件的名字 document.body.appendChild(link); // 此步驟確保鏈接存在于文檔中 link.click(); // 模擬點擊下載鏈接 link.remove(); // 完成后移除鏈接 console.log("Download completed!"); }) .catch(error => { console.error("Error during download:", error); });Android-Java
import android.os.AsyncTask; import android.os.Environment; import java.io.BufferedInputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URL; public class DownloadTask extends AsyncTask<String, String, String> { @Override protected String doInBackground(String... params) { String fileURL = params[0]; String savePath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS) + "/myfile.txt"; // 修改后的保存路徑 try { URL url = new URL(fileURL); HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); httpConn.setRequestMethod("GET"); int responseCode = httpConn.getResponseCode(); if (responseCode == HttpURLConnection.HTTP_OK) { InputStream inputStream = new BufferedInputStream(httpConn.getInputStream()); FileOutputStream outputStream = new FileOutputStream(savePath); byte[] buffer = new byte[4096]; int bytesRead; while ((bytesRead = inputStream.read(buffer)) != -1) { outputStream.write(buffer, 0, bytesRead); } outputStream.close(); inputStream.close(); return "Download completed!"; } else { return "No file to download. Server replied HTTP code: " + responseCode; } } catch (Exception e) { return "Error during download: " + e.getMessage(); } } }Objective-C
#import <Foundation/Foundation.h> int main(int argc, const char * argv[]) { @autoreleasepool { // 定義文件 URL 和保存路徑(修改為有效的路徑) NSString *fileURL = @"https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a939feb8d79a389572719f7e2939939936d0**********"; NSString *savePath = @"/Users/your_username/Desktop/myfile.txt"; // 請?zhí)鎿Q為您的用戶名 // 創(chuàng)建 URL 對象 NSURL *url = [NSURL URLWithString:fileURL]; // 創(chuàng)建下載任務(wù) NSURLSessionDataTask *task = [[NSURLSession sharedSession] dataTaskWithURL:url completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { // 錯誤處理 if (error) { NSLog(@"Error during download: %@", error.localizedDescription); return; } // 檢查數(shù)據(jù) if (!data) { NSLog(@"No data received."); return; } // 保存文件 NSError *writeError = nil; BOOL success = [data writeToURL:[NSURL fileURLWithPath:savePath] options:NSDataWritingAtomic error:&writeError]; if (success) { NSLog(@"Download completed!"); } else { NSLog(@"Error saving file: %@", writeError.localizedDescription); } }]; // 啟動任務(wù) [task resume]; // 讓主線程繼續(xù)運行以便異步請求能夠完成 [[NSRunLoop currentRunLoop] run]; } return 0; }
其他場景
生成指定版本的文件的GET方法的簽名URL
以下代碼示例在生成GET方法的簽名URL時,指定了文件的版本,以允許他人下載指定版本的文件。
import com.aliyun.oss.*;
import com.aliyun.oss.common.auth.*;
import com.aliyun.oss.model.GeneratePresignedUrlRequest;
import java.net.URL;
import java.util.*;
import java.util.Date;
public class Demo {
public static void main(String[] args) throws Throwable {
// 以華東1(杭州)的外網(wǎng)Endpoint為例,其它Region請按實際情況填寫。
String endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
// 從環(huán)境變量中獲取訪問憑證。運行本代碼示例之前,請確保已設(shè)置環(huán)境變量OSS_ACCESS_KEY_ID和OSS_ACCESS_KEY_SECRET。
EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
// 填寫B(tài)ucket名稱,例如examplebucket。
String bucketName = "examplebucket";
// 填寫Object完整路徑,例如exampleobject.txt。Object完整路徑中不能包含Bucket名稱。
String objectName = "exampleobject.txt";
// 填寫Object的versionId。
String versionId = "CAEQARiBgID8rumR2hYiIGUyOTAyZGY2MzU5MjQ5ZjlhYzQzZjNlYTAyZDE3****";
// 填寫B(tài)ucket所在地域。以華東1(杭州)為例,Region填寫為cn-hangzhou。
String region = "cn-hangzhou";
// 創(chuàng)建OSSClient實例。
ClientBuilderConfiguration clientBuilderConfiguration = new ClientBuilderConfiguration();
clientBuilderConfiguration.setSignatureVersion(SignVersion.V4);
OSS ossClient = OSSClientBuilder.create()
.endpoint(endpoint)
.credentialsProvider(credentialsProvider)
.clientConfiguration(clientBuilderConfiguration)
.region(region)
.build();
try {
// 創(chuàng)建請求。
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, objectName);
// 設(shè)置HttpMethod為GET。
generatePresignedUrlRequest.setMethod(HttpMethod.GET);
// 設(shè)置簽名URL過期時間,單位為毫秒。本示例以設(shè)置過期時間為1小時為例。
Date expiration = new Date(new Date().getTime() + 3600 * 1000L);
generatePresignedUrlRequest.setExpiration(expiration);
// Object的versionId。
Map<String, String> queryParam = new HashMap<String, String>();
queryParam.put("versionId", versionId);
generatePresignedUrlRequest.setQueryParameter(queryParam);
// 生成簽名URL。
URL url = ossClient.generatePresignedUrl(generatePresignedUrlRequest);
System.out.println(url);
} catch (OSSException oe) {
System.out.println("Caught an OSSException, which means your request made it to OSS, "
+ "but was rejected with an error response for some reason.");
System.out.println("Error Message:" + oe.getErrorMessage());
System.out.println("Error Code:" + oe.getErrorCode());
System.out.println("Request ID:" + oe.getRequestId());
System.out.println("Host ID:" + oe.getHostId());
} catch (ClientException ce) {
System.out.println("Caught an ClientException, which means the client encountered "
+ "a serious internal problem while trying to communicate with OSS, "
+ "such as not being able to access the network.");
System.out.println("Error Message:" + ce.getMessage());
} finally {
if (ossClient != null) {
ossClient.shutdown();
}
}
}
}使用簽名URL下載指定請求頭的文件
在生成GET方式的簽名URL時,如果指定了請求頭,確保在通過該簽名URL發(fā)起GET請求時也包含相應(yīng)的請求頭,以免出現(xiàn)不一致,導(dǎo)致請求失敗和簽名錯誤。
生成帶請求頭的GET方法簽名URL。
import com.aliyun.oss.*; import com.aliyun.oss.common.auth.*; import com.aliyun.oss.common.comm.SignVersion; import com.aliyun.oss.internal.OSSHeaders; import com.aliyun.oss.model.GeneratePresignedUrlRequest; import java.net.URL; import java.util.*; import java.util.Date; public class Demo { public static void main(String[] args) throws Throwable { // 以華東1(杭州)的外網(wǎng)Endpoint為例,其它Region請按實際情況填寫。 String endpoint = "https://oss-cn-hangzhou.aliyuncs.com"; // 從環(huán)境變量中獲取訪問憑證。運行本代碼示例之前,請確保已設(shè)置環(huán)境變量OSS_ACCESS_KEY_ID和OSS_ACCESS_KEY_SECRET。 EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider(); // 填寫Bucket名稱,例如examplebucket。 String bucketName = "examplebucket"; // 填寫Object完整路徑,例如exampleobject.txt。Object完整路徑中不能包含Bucket名稱。 String objectName = "exampleobject.txt"; // 創(chuàng)建OSSClient實例。 String region = "cn-hangzhou"; ClientBuilderConfiguration clientBuilderConfiguration = new ClientBuilderConfiguration(); clientBuilderConfiguration.setSignatureVersion(SignVersion.V4); OSS ossClient = OSSClientBuilder.create() .endpoint(endpoint) .credentialsProvider(credentialsProvider) .clientConfiguration(clientBuilderConfiguration) .region(region) .build(); // 設(shè)置請求頭。 Map<String, String> headers = new HashMap<>(); // 指定ContentType。 headers.put(OSSHeaders.CONTENT_TYPE, "text/txt"); URL signedUrl = null; try { // 指定生成的簽名URL過期時間,單位為毫秒。本示例以設(shè)置過期時間為1小時為例。 Date expiration = new Date(new Date().getTime() + 3600 * 1000L); // 生成簽名URL。 GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(bucketName, objectName, HttpMethod.GET); // 設(shè)置過期時間。 request.setExpiration(expiration); // 將請求頭加入到request中。 request.setHeaders(headers); // 通過HTTP GET請求生成簽名URL。 signedUrl = ossClient.generatePresignedUrl(request); // 打印簽名URL。 System.out.println("signed url for putObject: " + signedUrl); } catch (OSSException oe) { System.out.println("Caught an OSSException, which means your request made it to OSS, " + "but was rejected with an error response for some reason."); System.out.println("Error Message:" + oe.getErrorMessage()); System.out.println("Error Code:" + oe.getErrorCode()); System.out.println("Request ID:" + oe.getRequestId()); System.out.println("Host ID:" + oe.getHostId()); } catch (ClientException ce) { System.out.println("Caught an ClientException, which means the client encountered " + "a serious internal problem while trying to communicate with OSS, " + "such as not being able to access the network."); System.out.println("Error Message:" + ce.getMessage()); } } }使用簽名URL并指定請求頭下載文件。
curl -X GET "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241113T093321Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5tKHJzUF3wMmACXgf1aH****************&x-oss-signature=f1746f121783eed5dab2d665da95fbca08505263e27476a46f88dbe3702af8a9***************************************" \ -H "Content-Type: text/txt" \ -o "C:/downloads/myfile.txt"import com.aliyun.oss.internal.OSSHeaders; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import java.io.*; import java.net.URL; import java.util.HashMap; import java.util.Map; public class Demo { public static void main(String[] args) throws Throwable { // 替換為實際簽名URL URL signedUrl = new URL("https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241113T093321Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI5tKHJzUF3wMmACXgf1aH%2F20241113%2Fcn-hangzhou%2Foss%2Faliyun_v4_request&x-oss-signature=f1746f121783eed5dab2d665da95fbca08505263e27476a46f88dbe3702af8a9"); // 填寫下載到本地文件的完整路徑。 String pathName = "C:/downloads/myfile.txt"; // 頭部可以通過上下文傳遞或保持相同 // 設(shè)置請求頭。 Map<String, String> headers = new HashMap<>(); // 指定ContentType。 headers.put(OSSHeaders.CONTENT_TYPE, "text/txt"); // 通過簽名URL下載文件,以HttpClients為例說明。 getObjectWithHttp(signedUrl, pathName, headers); } public static void getObjectWithHttp(URL signedUrl, String pathName, Map<String, String> headers) throws IOException { CloseableHttpClient httpClient = null; CloseableHttpResponse response = null; try { HttpGet get = new HttpGet(signedUrl.toString()); // 如果生成簽名URL時設(shè)置了header參數(shù),則調(diào)用簽名URL下載文件時也需要將這些參數(shù)發(fā)送至服務(wù)端。 for (Map.Entry header : headers.entrySet()) { get.addHeader(header.getKey().toString(), header.getValue().toString()); } httpClient = HttpClients.createDefault(); response = httpClient.execute(get); System.out.println("返回下載狀態(tài)碼:" + response.getStatusLine().getStatusCode()); if (response.getStatusLine().getStatusCode() == 200) { System.out.println("使用網(wǎng)絡(luò)庫下載成功"); } System.out.println(response.toString()); // 保存文件到磁盤。 saveFileToLocally(response.getEntity().getContent(), pathName); } catch (Exception e) { e.printStackTrace(); } finally { response.close(); httpClient.close(); } } public static void saveFileToLocally(InputStream inputStream, String pathName) throws IOException { DataInputStream in = null; OutputStream out = null; try { in = new DataInputStream(inputStream); out = new DataOutputStream(new FileOutputStream(pathName)); int bytes = 0; byte[] bufferOut = new byte[1024]; while ((bytes = in.read(bufferOut)) != -1) { out.write(bufferOut, 0, bytes); } } catch (Exception e) { e.printStackTrace(); } finally { in.close(); out.close(); } } }
相關(guān)文檔
關(guān)于使用簽名URL下載文件的完整示例代碼,請參見GitHub示例。
關(guān)于使用簽名URL下載文件的API接口說明,請參見GeneratePresignedUrlRequest。
文檔內(nèi)容是否對您有幫助?