This topic describes how to set up a direct data transfer service for a mobile application in less than 30 minutes by using the Security Token Service (STS) policy. Direct data transfer allows you to use a mobile application to connect to Object Storage Service (OSS). This way, you can upload and download data, and send only the control flow to the application server.
Prerequisites
OSS is activated. For more information, see Activate OSS.
A bucket is created. For more information, see Create a bucket.
Background information
In the mobile Internet era, large volumes of data are uploaded by using mobile applications. OSS helps handle your data storage concerns so that you can focus on application development.
OSS-based direct data transfer for mobile applications provides the following benefits:
Data security: OSS allows mobile applications to upload and download data based on flexible authorization and authentication methods. This helps improve data security.
Cost-effectiveness: A small number of application servers are required. This helps reduce costs. The mobile application is connected to OSS for data uploads and downloads, and only the control flow is sent to the application server.
High concurrency: OSS supports concurrent access requests that are sent from a large number of users.
Elastic scalability: OSS provides unlimited and scalable storage.
Data processing: OSS supports Image Processing (IMG) and audio and video transcoding to allow users to process data in a flexible manner.
Process
The following figure shows the development process of the direct data transfer service for mobile applications.
Participant analysis:
Android or iOS application: an application on a mobile device that requests an STS token from the application server and uses the STS token.
OSS: processes data requests that are sent from the mobile application.
Resource Access Management (RAM)/STS: generates a temporary upload token.
Application server: a backend service for the Android or iOS application. The application server is used to manage the tokens for data uploads and downloads by using the application and the metadata of the uploaded data.
Process steps:
The mobile application requests a token from the application server as the temporary upload credential.
AccessKey pairs cannot be stored in Android and iOS applications due to security concerns. The mobile application must request a token from the application server. The token is valid for a specific period of time. If the application server specifies a validity period of 30 minutes, the Android or iOS application can use the token to upload data to or download data from OSS within 30 minutes after the token is issued. After 30 minutes, the application must request a new token to upload or download data.
The application server checks the validity of the request and then returns a token to the application.
The Android or iOS application uses the token to upload data to or download data from OSS.
The following section describes how the application server generates a token and how the Android or iOS application obtains a token.
Procedure
Step 1: Activate STS and configure an application server
You can use Resource Orchestration Service (ROS) to activate STS, configure an Elastic Compute Service (ECS) instance, and deploy application server source code on the ECS instance. To use ROS to activate STS and configure an application server, perform the following steps:
Go to the Create Stack wizard in the ROS console.
In the Select Template step of the Create Stack wizard, enter a stack name, specify the zone, instance type, system disk category, and password for the ECS instance that you want to purchase, and click Next. In the Check and Confirm step, check your settings and click Create.
On the Stack Information tab of the page that appears, the status of the stack is Creating.
After the status of the stack becomes Created, click the Outputs tab to view information about the deployed application server on the ECS instance.
Step 2: Download and install a mobile application
Download the mobile application source code package.
Android
iOS
You can use the mobile application on Android or iOS devices to upload images to OSS. Simple upload and resumable upload are supported. If the network quality is poor, we recommend that you use resumable upload. You can also use IMG to resize an image to obtain a thumbnail and add watermarks to the image.
Open the mobile application and configure the application parameters.
App server: the application server address in the output information of Step 1.
Destination bucket: the bucket to which data is uploaded from a mobile application.
Region: the region in which the destination bucket is located.
OSS object name: The name must contain the prefix specified in the policy configuration file of the application server.
Tap Settings.
Step 3: Configure direct data transfer for the mobile application
Open the mobile application.
Tap Select Image. Select the image that you want to upload and specify the object name.
After the object is uploaded, check the upload result in the OSS console.
Core code parsing
The following sample code provides initialization examples:
Android
// We recommend that you use OSSAuthCredentialsProvider. The token is automatically updated after it expires.
String stsServer = "App server address, such as https://example.com:8080"
OSSCredentialProvider credentialProvider = new OSSAuthCredentialsProvider(stsServer);
// Specify the following parameters:
ClientConfiguration conf = new ClientConfiguration();
conf.setConnectionTimeout(15 * 1000); // The connection timeout period in seconds. Default value: 15.
conf.setSocketTimeout(15 * 1000); // The socket timeout period in seconds. Default value: 15.
conf.setMaxConcurrentRequest(5); // The maximum number of concurrent requests. Default value: 5.
conf.setMaxErrorRetry(2); // The maximum number of retries. Default value: 2.
OSS oss = new OSSClient(getApplicationContext(), endpoint, credentialProvider, conf);iOS
OSSClient * client;
...
// We recommend that you use OSSAuthCredentialProvider. The token is automatically updated after it expires.
id<OSSCredentialProvider> credential = [[OSSAuthCredentialProvider alloc] initWithAuthServerUrl:@"App server address, such as https://example.com:8080"];
client = [[OSSClient alloc] initWithEndpoint:endPoint credentialProvider:credential];