阿里雲團隊努力不懈,力求將最新的技術內容更快地以您最熟悉的語言呈現。本文由簡體中文內容自動轉碼而成,過程無人工干預。阿里雲不保證此自動轉碼的準確性、完整性及時效性。因轉碼造成的任何內容錯誤及因此可能帶來的損失,阿里雲概不負責,敬請見諒。本文内容請以簡體中文版本為準。

授權訪問

更新時間: Oct 19, 2018

使用STS服務臨時授權

OSS可以通過阿里雲STS服務,臨時進行授權訪問。使用STS時請按以下步驟進行:

  1. 在官網控制台建立子帳號,參考OSS STS
  2. 在官網控制台建立STS角色並賦予子帳號扮演角色的許可權,參考OSS STS
  3. 使用子帳號的AccessKeyId/AccessKeySecret向STS申請臨時token
  4. 使用臨時token中的認證資訊建立OSS的Client
  5. 使用OSS的Client訪問OSS服務

使用STS憑證建構簽章請求

使用者的client端拿到STS臨時憑證後,通過其中安全性權杖(SecurityToken)以及臨時存取金鑰(AccessKeyId, AccessKeySecret)生成oss_request_options。以上傳檔案為例:

  /*
   * Upload an in-memory buffer to OSS using temporary STS credentials.
   * This is a statement fragment; it is meant to sit inside a function body.
   */
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *data = "<object content>";
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_table_t *headers;
  aos_table_t *resp_headers;
  aos_string_t bucket;
  aos_string_t object;
  aos_list_t buffer;
  aos_buf_t *content;
  aos_status_t *s;

  /* Every allocation below comes from this pool and is released with it. */
  aos_pool_create(&p, NULL);

  /*
   * Create the request options and fill them in with the STS credentials.
   * The three values (temporary AccessKeyId, temporary AccessKeySecret and
   * the STS token) belong together and come from the same STS response.
   * The literals are placeholders: pass in the values received from STS at
   * run time rather than compiling credentials into the binary.
   */
  options = oss_request_options_create(p);
  options->config = oss_config_create(options->pool);
  aos_str_set(&options->config->endpoint, "<您的Endpoint>");
  aos_str_set(&options->config->access_key_id, "<您的臨時AccessKeyId>");
  aos_str_set(&options->config->access_key_secret, "<您的臨時AccessKeySecret>");
  aos_str_set(&options->config->sts_token, "<您的sts_token>");
  options->config->is_cname = 0;
  options->ctl = aos_http_controller_create(options->pool, 0);

  /* Request parameters: target bucket/object and an empty header table. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  headers = aos_table_make(p, 0);

  /* Wrap the payload in a single aos_buf_t and queue it on the buffer list. */
  aos_list_init(&buffer);
  content = aos_buf_pack(options->pool, data, strlen(data));
  aos_list_add_tail(&content->node, &buffer);

  /* Upload the buffer list as the object body. */
  s = oss_put_object_from_buffer_s(options, &bucket, &object, &buffer, headers, &resp_headers);
  if (!aos_status_is_ok(s)) {
      printf("put object failed\n");
  } else {
      printf("put object succeeded\n");
  }

  aos_pool_destroy(p);

URL簽名授權

可以通過生成簽名URL的形式提供給使用者一個臨時的訪問URL。在生成URL時,可以指定URL過期的時間,從而限制使用者長時間訪問。在過期之前,任何取得該URL的人都能以簽名時指定的HTTP方法訪問對應的object,因此過期時間應盡量短,並避免將簽名URL寫入日誌或公開傳播。

生成簽名url

通過oss_gen_signed_url介面生成請求url簽名。

生成下載請求的url簽名

  /*
   * Generate a signed URL that allows an HTTP GET (download) of one object
   * for one hour. Statement fragment; meant to sit inside a function body.
   */
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  int one_hour = 3600; /* unit: seconds */
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_http_request_t *req;
  aos_string_t bucket;
  aos_string_t object;
  apr_time_t now;
  int64_t expire_time;
  char *url_str;

  aos_pool_create(&p, NULL);

  /*
   * Create and initialise the options. init_options() is not shown on this
   * page; presumably it sets the endpoint and credentials on
   * options->config - confirm against the SDK sample.
   */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters: the URL is signed for this bucket, object and method. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  req = aos_http_request_create(p);
  req->method = HTTP_GET;

  /* apr_time_now() is in microseconds; dividing by 1000000 yields seconds. */
  now = apr_time_now();
  expire_time = one_hour + now / 1000000;

  /* Generate the signed URL. */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);

  /*
   * The URL itself grants access until expire_time, so treat it like a
   * credential: printing it is fine for a demo, but keep it out of logs.
   */
  printf("臨時下載url:%s\n", url_str);

  aos_pool_destroy(p);

生成上傳檔案請求的url簽名:

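  /*
   * Generate a signed URL that allows an HTTP PUT (upload) to one object
   * for one hour. Statement fragment; meant to sit inside a function body.
   */
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_http_request_t *req;
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  aos_string_t bucket;
  aos_string_t object;
  apr_time_t now;
  int64_t expire_time;
  int one_hour = 3600; /* unit: seconds */
  char *url_str = NULL;

  aos_pool_create(&p, NULL);

  /*
   * Create and initialise the options. init_options() is not shown on this
   * page; presumably it sets the endpoint and credentials on
   * options->config - confirm against the SDK sample.
   */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters: the URL is signed for this bucket, object and method. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  req = aos_http_request_create(p);
  req->method = HTTP_PUT;

  /* apr_time_now() is in microseconds; dividing by 1000000 yields seconds. */
  now = apr_time_now();
  expire_time = now / 1000000 + one_hour;

  /* Generate the signed URL (the original call had a stray second '('). */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);

  /*
   * The URL itself grants write access to the object until expire_time, so
   * treat it like a credential: printing it is fine for a demo, but keep it
   * out of logs.
   */
  printf("臨時上傳url:%s\n", url_str);

  aos_pool_destroy(p);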

使用簽名URL下載檔案

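  /*
   * Download an object to a local file through a signed URL.
   * Statement fragment; meant to sit inside a function body.
   */
  aos_pool_t *p;
  oss_request_options_t *options;
  aos_http_request_t *req;
  aos_table_t *headers;
  aos_table_t *resp_headers;
  aos_status_t *s; /* the original listing used s without declaring it */
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *filepath = "<本地檔案路徑>";
  aos_string_t bucket;
  aos_string_t object;
  aos_string_t file;
  char *url_str;
  apr_time_t now;
  int64_t expire_time;
  int one_hour = 3600; /* unit: seconds */

  aos_pool_create(&p, NULL);

  /*
   * Create and initialise the options. init_options() is not shown on this
   * page; presumably it sets the endpoint and credentials on
   * options->config - confirm against the SDK sample.
   */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  aos_str_set(&file, filepath);
  headers = aos_table_make(p, 0);
  req = aos_http_request_create(p);
  req->method = HTTP_GET;

  /* apr_time_now() is in microseconds; dividing by 1000000 yields seconds. */
  now = apr_time_now();
  expire_time = now / 1000000 + one_hour;

  /*
   * Generate the signed URL. It grants GET access to the object until
   * expire_time, so hand it only to the intended recipient.
   */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);

  /* Download the object to the local file using the signed URL. */
  s = oss_get_object_to_file_by_url(options, url_str, headers, &file, &resp_headers);
  if (aos_status_is_ok(s)) {
      printf("get object succeeded\n");
  } else {
      printf("get object failed\n");
  }

  aos_pool_destroy(p);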

使用URL簽名的方式上傳檔案

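  /*
   * Upload a local file to OSS through a signed URL.
   * Statement fragment; meant to sit inside a function body.
   */
  aos_pool_t *p;
  /* Whether to use the third-level domain name; not referenced in this listing. */
  int is_oss_domain = 1;
  oss_request_options_t *options;
  aos_http_request_t *req;
  aos_table_t *headers;
  aos_table_t *resp_headers;
  aos_status_t *s; /* the original listing used s without declaring it */
  char *bucket_name = "<您的bucket名字>";
  char *object_name = "<您的object名字>";
  char *filepath = "<本地檔案路徑>";
  aos_string_t bucket;
  aos_string_t object;
  aos_string_t file;
  char *url_str;
  apr_time_t now;
  int64_t expire_time;
  int one_hour = 3600; /* unit: seconds */

  aos_pool_create(&p, NULL);

  /*
   * Create and initialise the options. init_options() is not shown on this
   * page; presumably it sets the endpoint and credentials on
   * options->config - confirm against the SDK sample.
   */
  options = oss_request_options_create(p);
  init_options(options);

  /* Request parameters. */
  aos_str_set(&bucket, bucket_name);
  aos_str_set(&object, object_name);
  aos_str_set(&file, filepath);
  headers = aos_table_make(p, 0);
  req = aos_http_request_create(p);
  req->method = HTTP_PUT;

  /* apr_time_now() is in microseconds; dividing by 1000000 yields seconds. */
  now = apr_time_now();
  expire_time = now / 1000000 + one_hour;

  /*
   * Generate the signed URL. It grants PUT access to the object until
   * expire_time, so hand it only to the intended recipient.
   */
  url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);

  /* Upload the local file using the signed URL. */
  s = oss_put_object_from_file_by_url(options, url_str, &file, headers, &resp_headers);
  if (aos_status_is_ok(s)) {
      printf("put objects by signed url succeeded\n");
  } else {
      printf("put objects by signed url failed\n");
  }

  aos_pool_destroy(p);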
  39. aos_pool_destroy(p);