简介
本文档提供关于存储桶策略的 API 概览以及 SDK 示例代码。
| API | 操作名 | 操作描述 |
| PUT Bucket policy | 设置存储桶策略 | 设置指定存储桶的权限策略 |
| GET Bucket policy | 查询存储桶策略 | 查询指定存储桶的权限策略 |
| DELETE Bucket policy | 删除存储桶策略 | 删除指定存储桶的权限策略 |
设置存储桶策略
功能说明
PUT Bucket policy 请求可以向 Bucket 写入权限策略,当存储桶已存在权限策略时,该请求上传的策略将覆盖原有的权限策略。
方法原型
public void setBucketPolicy(String bucketName, String policyText)
请求示例
import com.qcloud.cos.COSClient;import com.qcloud.cos.ClientConfig;import com.qcloud.cos.auth.BasicCOSCredentials;import com.qcloud.cos.auth.COSCredentials;import com.qcloud.cos.region.Region;
public class BucketPolicyDemo { public static void SetBucketPolicy() { // 1 初始化用户身份信息(推荐使用临时密钥) String tmpSecretId = "SECRETID"; String tmpSecretKey = "SECRETKEY"; String sessionToken = "TOKEN"; BasicSessionCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken); // 2 设置 bucket 的地域 Region region = new Region("COS_REGION"); //COS_REGION 参数:配置成存储桶 bucket 的实际地域,例如 ap-beijing,更多 COS 地域的简称请参见 https://cloud.tencent.com/document/product/436/6224 ClientConfig clientConfig = new ClientConfig(region); // 3 生成 cos 客户端 COSClient cosclient = new COSClient(cred, clientConfig); // bucket 名需包含 appid String bucketName = "examplebucket-1250000000"; String bucketPolicyStr = "{" + " \"Statement\": [" + " {" + " \"Principal\": {" + " \"qcs\": [" + " \"qcs::cam::uin/100000000001:uin/100000000011\"" + //替换成您想授予权限的账户 uin " ]" + " }," + " \"Effect\": \"allow\"," + " \"Action\": [" + " \"cos:PutObject\"" + " ]," + " \"Resource\": [" + //这里改成允许的路径前缀,可以根据自己网站的用户登录状态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用) " \"qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/exampleobject\"" + " ]," + " \"Condition\": {" + " \"string_equal\": {" + " \"cos:x-cos-mime-limit\": \"image/jpeg\"" + " }" + " }" + " }" + " ]," + " \"Version\": \"2.0\"" + " }";
cosclient.setBucketPolicy(bucketName, bucketPolicyStr); cosclient.shutdown(); } public static void main(String[] args) { SetBucketPolicy(); }}
参数说明
| 参数名称 | 描述 | 必填 |
| Statement | 描述一条或多条权限的详细信息 | 是 |
| Version | 策略语法版本,默认为2.0 | 是 |
| Principal | 描述策略授权的实体,详情请参见 访问策略语言概述 | 是 |
| Action | 此处是指 COS API,根据需求指定一个或者一序列操作的组合或所有操作(*),例如 action 为 name/cos:GetService,请注意区分英文大小写 |
是 |
| Effect | 有 allow(允许)和 deny(显式拒绝)两种情况 | 是 |
| Resource | 授权操作的具体数据,可以是任意资源、指定路径前缀的资源、指定绝对路径的资源或它们的组合 | 是 |
| Condition | 约束条件,可以不填,具体说明请参见 condition 说明 | 否 |
查询存储桶策略
功能说明
GET Bucket policy 请求可以向 Bucket 读取权限策略。
方法原型
public BucketPolicy getBucketPolicy(String bucketName)
请求示例
import com.qcloud.cos.COSClient;import com.qcloud.cos.ClientConfig;import com.qcloud.cos.auth.BasicCOSCredentials;import com.qcloud.cos.auth.COSCredentials;import com.qcloud.cos.region.Region;import com.qcloud.cos.model.BucketPolicy;
public class BucketPolicyDemo { public static void GetBucketPolicy() { // 1 初始化用户身份信息(推荐使用临时密钥) String tmpSecretId = "SECRETID"; String tmpSecretKey = "SECRETKEY"; String sessionToken = "TOKEN"; BasicSessionCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken); // 2 设置 bucket 的地域 Region region = new Region("COS_REGION"); //COS_REGION 参数:配置成存储桶 bucket 的实际地域,例如 ap-beijing,更多 COS 地域的简称请参见 https://cloud.tencent.com/document/product/436/6224 ClientConfig clientConfig = new ClientConfig(region); // 3 生成 cos 客户端 COSClient cosclient = new COSClient(cred, clientConfig); // bucket 名需包含 appid String bucketName = "examplebucket-1250000000"; BucketPolicy bucketPolicy = cosclient.getBucketPolicy(bucketName); System.out.println(bucketPolicy.getPolicyText()); cosclient.shutdown(); } public static void main(String[] args) { GetBucketPolicy(); }}
返回结果说明
public class BucketPolicy implements Serializable { private static final long serialVersionUID = 1L; /** The raw, policy JSON text, as returned by COS */ private String policyText;
/** * Gets the raw policy JSON text as returned by COS. If no policy has been applied to the * specified bucket, the policy text will be null. * * @return The raw policy JSON text as returned by COS. If no policy has been applied to the * specified bucket, this method returns null policy text. * * @see BucketPolicy#setPolicyText(String) */ public String getPolicyText() { return policyText; }
/** * Sets the raw policy JSON text. A bucket will have no policy text unless the policy text is * explicitly provided through this method. * * @param policyText The raw policy JSON text. * * @see BucketPolicy#getPolicyText() */ public void setPolicyText(String policyText) { this.policyText = policyText; }}
删除存储桶策略
功能说明
DELETE Bucket policy 请求可以向 Bucket 删除权限策略。
方法原型
public void deleteBucketPolicy(String bucketName)
请求示例
import com.qcloud.cos.COSClient;import com.qcloud.cos.ClientConfig;import com.qcloud.cos.auth.BasicCOSCredentials;import com.qcloud.cos.auth.COSCredentials;import com.qcloud.cos.region.Region;import com.qcloud.cos.model.BucketPolicy;
public class BucketPolicyDemo { public static void DelBucketPolicy() { // 1 初始化用户身份信息(推荐使用临时密钥) String tmpSecretId = "SECRETID"; String tmpSecretKey = "SECRETKEY"; String sessionToken = "TOKEN"; BasicSessionCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken); // 2 设置 bucket 的地域 Region region = new Region("COS_REGION"); //COS_REGION 参数:配置成存储桶 bucket 的实际地域,比如 ap-beijing,更多 COS 地域的简称请参见 https://cloud.tencent.com/document/product/436/6224 ClientConfig clientConfig = new ClientConfig(region); // 3 生成 cos 客户端 COSClient cosclient = new COSClient(cred, clientConfig); // bucket 名需包含 appid String bucketName = "examplebucket-1250000000"; cosclient.deleteBucketPolicy(bucketName); cosclient.shutdown(); } public static void main(String[] args) { DelBucketPolicy(); }}
对象存储官网1折活动,限时活动,即将结束,速速收藏
同尘科技为腾讯云授权服务中心。
购买腾讯云产品享受折上折,更有现金返利。同意关联立享优惠
转转请注明出处:https://www.yunxiaoer.com/145774.html
