如何生成使用临时安全凭证签名的HTTPS API请求(URL)以访问AWS S3对象。我能够使用Amazon Java SDK访问对象,但我想使用临时安全凭证(如预签名的url)生成完整的url。包com.siriusxm.repo.test;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;
import com.amazonaws.services.securitytoken.model.GetSessionTokenResult;
import com.siriusxm.repo.DownloadServiceImpl;
public class TemporaryCredential {
private static String bucketName = "myrepo";
private static String key = "test.pdf";
public static void main(String[] args) {
System.out.println("");
AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(
new ProfileCredentialsProvider());
// stsClient.setRegion(regionName);sts.us-west-2.amazonaws.com
//
// Start a session.
GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest();
GetSessionTokenResult sessionTokenResult = stsClient
.getSessionToken(getSessionTokenRequest);
Credentials sessionCredentials = sessionTokenResult.getCredentials();
System.out.println("Session Credentials: "
+ sessionCredentials.toString());
// Package the session credentials as a BasicSessionCredentials
// object for an S3 client object to use.
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
sessionCredentials.getAccessKeyId(),
sessionCredentials.getSecretAccessKey(),
sessionCredentials.getSessionToken());
AmazonS3Client s3object = new AmazonS3Client(basicSessionCredentials);
// Test. For example, get object keys for a given bucket.
ObjectListing objects = s3object.listObjects(bucketName);
s3object.getObject( new GetObjectRequest(bucketName, key));
System.out.println("No. of Objects = "
+ objects.getObjectSummaries().size());
}
}
这段代码生成了动态访问密钥,秘密密钥和安全令牌。现在,我需要生成带有签名的授权标头的url,这样我就可以直接访问S3对象。
从此代码中,我想使用x-amz-security-token生成URL
如果要在Java中执行此操作,则必须使用AmazonS3.generatePresignedUrl
AmazonS3 s3client = new AmazonS3Client(new ProfileCredentialsProvider());
java.util.Date expiration = new java.util.Date();
long msec = expiration.getTime();
msec += 1000 * 60 * 60; // 1 hour.
expiration.setTime(msec);
GeneratePresignedUrlRequest generatePresignedUrlRequest =
new GeneratePresignedUrlRequest(bucketName, objectKey);
generatePresignedUrlRequest.setMethod(HttpMethod.GET); // Default.
generatePresignedUrlRequest.setExpiration(expiration);
URL s = s3client.generatePresignedUrl(generatePresignedUrlRequest);
如果要从控制台执行此操作,请转到s3存储桶,然后在对象上单击“下载”。这将显示一个框,您可以在其中单击“下载”。如果右键单击此链接并复制地址链接,则会获得该对象的预签名网址
| 归档时间: |
|
| 查看次数: |
2765 次 |
| 最近记录: |