简介
本文档提供关于存储桶策略的 API 概览以及 SDK 示例代码。
API | 操作名 | 操作描述 |
设置存储桶策略 | 设置指定存储桶的权限策略 | |
查询存储桶策略 | 查询指定存储桶的权限策略 | |
删除存储桶策略 | 删除指定存储桶的权限策略 |
设置存储桶策略
功能说明
PUT Bucket policy 请求可以向 Bucket 写入权限策略,当存储桶已存在权限策略时,该请求上传的策略将覆盖原有的权限策略。
方法原型
public void setBucketPolicy(String bucketName, String policyText)
请求示例
import com.qcloud.cos.COSClient;import com.qcloud.cos.ClientConfig;import com.qcloud.cos.auth.BasicCOSCredentials;import com.qcloud.cos.auth.COSCredentials;import com.qcloud.cos.region.Region;public class BucketPolicyDemo {public static void SetBucketPolicy() {// 1 初始化用户身份信息(推荐使用临时密钥)String tmpSecretId = "SECRETID";String tmpSecretKey = "SECRETKEY";String sessionToken = "TOKEN";BasicSessionCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken);// 2 设置 bucket 的地域Region region = new Region("COS_REGION"); //COS_REGION 参数:配置成存储桶 bucket 的实际地域,例如 ap-beijing,更多 COS 地域的简称请参见 https://cloud.tencent.com/document/product/436/6224ClientConfig clientConfig = new ClientConfig(region);// 3 生成 cos 客户端COSClient cosclient = new COSClient(cred, clientConfig);// bucket 名需包含 appidString bucketName = "examplebucket-1250000000";String bucketPolicyStr = "{" +" \\"Statement\\": [" +" {" +" \\"Principal\\": {" +" \\"qcs\\": [" +" \\"qcs::cam::uin/100000000001:uin/100000000011\\"" + //替换成您想授予权限的账户 uin" ]" +" }," +" \\"Effect\\": \\"allow\\"," +" \\"Action\\": [" +" \\"cos:PutObject\\"" +" ]," +" \\"Resource\\": [" + //这里改成允许的路径前缀,可以根据自己网站的用户登录状态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)" \\"qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/exampleobject\\"" +" ]," +" \\"Condition\\": {" +" \\"string_equal\\": {" +" \\"cos:x-cos-mime-limit\\": \\"image/jpeg\\"" +" }" +" }" +" }" +" ]," +" \\"Version\\": \\"2.0\\"" +" }";cosclient.setBucketPolicy(bucketName, bucketPolicyStr);cosclient.shutdown();}public static void main(String[] args) {SetBucketPolicy();}}
参数说明
参数名称 | 描述 | 必填 |
Statement | 描述一条或多条权限的详细信息 | 是 |
Version | 策略语法版本,默认为2.0 | 是 |
Principal | 描述策略授权的实体,详情请参见 访问策略语言概述 | 是 |
Action | 此处是指 COS API,根据需求指定一个或者一序列操作的组合或所有操作( *),例如 action 为 name/cos:GetService,请注意区分英文大小写 | 是 |
Effect | 有 allow(允许)和 deny(显式拒绝)两种情况 | 是 |
Resource | 授权操作的具体数据,可以是任意资源、指定路径前缀的资源、指定绝对路径的资源或它们的组合 | 是 |
Condition | 否 |
查询存储桶策略
功能说明
GET Bucket policy 请求可以向 Bucket 读取权限策略。
方法原型
public BucketPolicy getBucketPolicy(String bucketName)
请求示例
import com.qcloud.cos.COSClient;import com.qcloud.cos.ClientConfig;import com.qcloud.cos.auth.BasicCOSCredentials;import com.qcloud.cos.auth.COSCredentials;import com.qcloud.cos.region.Region;import com.qcloud.cos.model.BucketPolicy;public class BucketPolicyDemo {public static void GetBucketPolicy() {// 1 初始化用户身份信息(推荐使用临时密钥)String tmpSecretId = "SECRETID";String tmpSecretKey = "SECRETKEY";String sessionToken = "TOKEN";BasicSessionCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken);// 2 设置 bucket 的地域Region region = new Region("COS_REGION"); //COS_REGION 参数:配置成存储桶 bucket 的实际地域,例如 ap-beijing,更多 COS 地域的简称请参见 https://cloud.tencent.com/document/product/436/6224ClientConfig clientConfig = new ClientConfig(region);// 3 生成 cos 客户端COSClient cosclient = new COSClient(cred, clientConfig);// bucket 名需包含 appidString bucketName = "examplebucket-1250000000";BucketPolicy bucketPolicy = cosclient.getBucketPolicy(bucketName);System.out.println(bucketPolicy.getPolicyText());cosclient.shutdown();}public static void main(String[] args) {GetBucketPolicy();}}
返回结果说明
public class BucketPolicy implements Serializable {private static final long serialVersionUID = 1L;/** The raw, policy JSON text, as returned by COS */private String policyText;/*** Gets the raw policy JSON text as returned by COS. If no policy has been applied to the* specified bucket, the policy text will be null.** @return The raw policy JSON text as returned by COS. If no policy has been applied to the* specified bucket, this method returns null policy text.** @see BucketPolicy#setPolicyText(String)*/public String getPolicyText() {return policyText;}/*** Sets the raw policy JSON text. A bucket will have no policy text unless the policy text is* explicitly provided through this method.** @param policyText The raw policy JSON text.** @see BucketPolicy#getPolicyText()*/public void setPolicyText(String policyText) {this.policyText = policyText;}}
删除存储桶策略
功能说明
DELETE Bucket policy 请求可以向 Bucket 删除权限策略。
方法原型
public void deleteBucketPolicy(String bucketName)
请求示例
import com.qcloud.cos.COSClient;import com.qcloud.cos.ClientConfig;import com.qcloud.cos.auth.BasicCOSCredentials;import com.qcloud.cos.auth.COSCredentials;import com.qcloud.cos.region.Region;import com.qcloud.cos.model.BucketPolicy;public class BucketPolicyDemo {public static void DelBucketPolicy() {// 1 初始化用户身份信息(推荐使用临时密钥)String tmpSecretId = "SECRETID";String tmpSecretKey = "SECRETKEY";String sessionToken = "TOKEN";BasicSessionCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken);// 2 设置 bucket 的地域Region region = new Region("COS_REGION"); //COS_REGION 参数:配置成存储桶 bucket 的实际地域,比如 ap-beijing,更多 COS 地域的简称请参见 https://cloud.tencent.com/document/product/436/6224ClientConfig clientConfig = new ClientConfig(region);// 3 生成 cos 客户端COSClient cosclient = new COSClient(cred, clientConfig);// bucket 名需包含 appidString bucketName = "examplebucket-1250000000";cosclient.deleteBucketPolicy(bucketName);cosclient.shutdown();}public static void main(String[] args) {DelBucketPolicy();}}