edit-icon download-icon

Authorized access

Last Updated: Jan 25, 2018

Use URL signature to authorize access

You can provide users with a temporary access URL by generating a signed URL. You can specify the URL expiration time when generating a URL to limit the duration of a user’s access.

Note:

  • Complete code for the following scenarios can be found at GitHub.

An example of generating a signed URL for GetObject is shown as follows:

  1. package main
  2. import (
  3. "fmt"
  4. "io/ioutil"
  5. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  6. )
  7. func HandleError(err error) {
  8. // Handle Error
  9. }
  10. func main() {
  11. client, err := oss.New("Endpoint", "AccessKeyId", "AccessKeySecret")
  12. if err != nil {
  13. HandleError(err)
  14. }
  15. bucket, err := client.Bucket("BucketName")
  16. if err != nil {
  17. HandleError(err)
  18. }
  19. // get object
  20. signedURL, err := bucket.SignURL("ObjectName", oss.HTTPGet, 60)
  21. if err != nil {
  22. HandleError(err)
  23. }
  24. body, err := bucket.GetObjectWithURL(signedURL)
  25. if err != nil {
  26. HandleError(err)
  27. }
  28. // read content
  29. data, err := ioutil.ReadAll(body)
  30. body.Close()
  31. data = data // use data
  32. err = bucket.GetObjectToFileWithURL(signedURL, "localFile")
  33. if err != nil {
  34. HandleError(err)
  35. }
  36. }

Note:

  • The generated URL grants users direct access to related website contents.

To allow users to perform other temporary operations (such as file upload and deletion), you have to sign a URL for another method, for example:

  1. package main
  2. import (
  3. "fmt"
  4. "strings"
  5. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  6. )
  7. func HandleError(err error) {
  8. // Handle Error
  9. }
  10. func main() {
  11. client, err := oss.New("Endpoint", "AccessKeyId", "AccessKeySecret")
  12. if err != nil {
  13. HandleError(err)
  14. }
  15. bucket, err := client.Bucket("BucketName")
  16. if err != nil {
  17. HandleError(err)
  18. }
  19. // put object
  20. signedURL, err := bucket.SignURL("ObjectName", oss.HTTPPut, 60)
  21. if err != nil {
  22. HandleError(err)
  23. }
  24. var val = "To be or not to be, that is the question."
  25. err = bucket.PutObjectWithURL(signedURL, strings.NewReader(val))
  26. if err != nil {
  27. HandleError(err)
  28. }
  29. // put object with option
  30. options := []oss.Option{
  31. oss.Meta("myprop", "mypropval"),
  32. oss.ContentType("image/tiff"),
  33. }
  34. signedURL, err = bucket.SignURL("ObjectName", oss.HTTPPut, 60, options...)
  35. if err != nil {
  36. HandleError(err)
  37. }
  38. err = bucket.PutObjectFromFileWithURL(signedURL, "localFile", options...)
  39. if err != nil {
  40. HandleError(err)
  41. }
  42. }

Upload and download with a temporary credential (STS)

Introduction

OSS can temporarily grant access authorizations using the Alibaba Cloud STS service. Alibaba Cloud STS (Security Token Service) is a web service providing temporary access tokens for cloud computing users.With the STS, you can assign a third-party application or federated user (you can manage the user ID) an access credential with a custom validity period and permissions. For more information about STS, see STS Introduction.

Use an STS credential to create an OSSClient

After obtaining the STS temporary credential, the user’s client generates a Client using the contained security token and temporary AccessKey (AccessKeyID and AccessKeySecret).

You can use the STS temporary credential to create a Client through the following code:

  1. package main
  2. import (
  3. "bytes"
  4. "fmt"
  5. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  6. )
  7. func HandleError(err error) {
  8. // Handle Error
  9. }
  10. func main() {
  11. client, err := oss.New("Endpoint", "AccessKeyId", "AccessKeySecret", oss.SecurityToken("StsToken"))
  12. if err != nil {
  13. HandleError(err)
  14. }
  15. bucket, err := client.Bucket("BucketName")
  16. if err != nil {
  17. HandleError(err)
  18. }
  19. err = bucket.PutObject("my-object", bytes.NewReader([]byte("MyObjectValue")))
  20. if err != nil {
  21. HandleError(err)
  22. }
  23. fmt.Printf("Completed\n")
  24. }
Thank you! We've received your feedback.