tencent cloud

Cloud Object Storage

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Overview
Features
Use Cases
Strengths
Concepts
Regions and Access Endpoints
Specifications and Limits
Service Regions and Service Providers
Billing
Billing Overview
Billing Method
Billable Items
Free Tier
Billing Examples
Viewing and Downloading Bill
Payment Overdue
FAQs
Getting Started
Console
Getting Started with COSBrowser
User Guide
Creating Request
Bucket
Object
Data Management
Batch Operation
Global Acceleration
Monitoring and Alarms
Operations Center
Data Processing
Content Moderation
Smart Toolbox
Data Processing Workflow
Application Integration
User Tools
Tool Overview
Installation and Configuration of Environment
COSBrowser
COSCLI (Beta)
COSCMD
COS Migration
FTP Server
Hadoop
COSDistCp
HDFS TO COS
GooseFS-Lite
Online Tools
Diagnostic Tool
Use Cases
Overview
Access Control and Permission Management
Performance Optimization
Accessing COS with AWS S3 SDK
Data Disaster Recovery and Backup
Domain Name Management Practice
Image Processing
Audio/Video Practices
Workflow
Direct Data Upload
Content Moderation
Data Security
Data Verification
Big Data Practice
COS Cost Optimization Solutions
Using COS in the Third-party Applications
Migration Guide
Migrating Local Data to COS
Migrating Data from Third-Party Cloud Storage Service to COS
Migrating Data from URL to COS
Migrating Data Within COS
Migrating Data Between HDFS and COS
Data Lake Storage
Cloud Native Datalake Storage
Metadata Accelerator
GooseFS
Data Processing
Data Processing Overview
Image Processing
Media Processing
Content Moderation
File Processing Service
File Preview
Troubleshooting
Obtaining RequestId
Slow Upload over Public Network
403 Error for COS Access
Resource Access Error
POST Object Common Exceptions
API Documentation
Introduction
Common Request Headers
Common Response Headers
Error Codes
Request Signature
Action List
Service APIs
Bucket APIs
Object APIs
Batch Operation APIs
Data Processing APIs
Job and Workflow
Content Moderation APIs
Cloud Antivirus API
SDK Documentation
SDK Overview
Preparations
Android SDK
C SDK
C++ SDK
.NET(C#) SDK
Flutter SDK
Go SDK
iOS SDK
Java SDK
JavaScript SDK
Node.js SDK
PHP SDK
Python SDK
React Native SDK
Mini Program SDK
Error Codes
Harmony SDK
Endpoint SDK Quality Optimization
Security and Compliance
Data Disaster Recovery
Data Security
Cloud Access Management
FAQs
Popular Questions
General
Billing
Domain Name Compliance Issues
Bucket Configuration
Domain Names and CDN
Object Operations
Logging and Monitoring
Permission Management
Data Processing
Data Security
Pre-signed URL Issues
SDKs
Tools
APIs
Agreements
Service Level Agreement
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DocumentaçãoCloud Object StorageSDK DocumentationJava SDKObject OperationsGenerating Pre-Signed URLs

Generating Pre-Signed URLs

PDF
Modo Foco
Tamanho da Fonte
Última atualização: 2024-02-02 16:24:05

Overview

This document provides an overview of SDK code samples related to generating pre-signed object URLs.
For details about how to use a pre-signed URL for uploads, see Upload via Pre-Signed URL. For details about how to use a pre-signed URL for downloads, see Download via Pre-Signed URL.
Note:
We recommend you use a temporary key as instructed in Generating and Using Temporary Keys to generate a pre-signed URL for the security of your requests such as uploads and downloads. When you apply for a temporary key, follow the Notes on Principle of Least Privilege to avoid leaking resources besides your buckets and objects.
If you need to use a permanent key to generate a pre-signed URL, you are advised to limit the permission of the permanent key to uploads and downloads only to avoid risks.
Obtain the signed/pre-signed URL function. By default, it is signed to the Host header. You can also choose not to sign it to Host (the request might fail or vulnerabilities might occur).

Simple Operations

Requests for simple operations need to be initiated through COSClient instances. You need to create a COSClient instance before performing simple operations.
COSClient instances are concurrency-safe. You are advised to create only one COSClient instance for a process and then close it when it is no longer used to initiate requests.

Creating a COSClient instance with a temporary key (recommended)

If you want to request COS with a temporary key, you need to create a COSClient instance with the temporary key. This SDK does not generate temporary keys. For details on how to generate a temporary key, see Generating Temporary Keys.

// Create a COSClient instance, which is used to initiate requests later.
COSClient createCOSClient() {
    // Here, the temporary key information is needed.
    // For details on how to generate temporary keys, please visit https://www.tencentcloud.com/document/product/436/14048#cos-sts-sdk.
    String tmpSecretId = "TMPSECRETID";
    String tmpSecretKey = "TMPSECRETKEY";
    String sessionToken = "SESSIONTOKEN";

    COSCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken);

    // `ClientConfig` contains the COS client configuration for subsequent COS requests.
    ClientConfig clientConfig = new ClientConfig();

    // Set the bucket region.
    // For more information on COS regions, visit https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
    clientConfig.setRegion(new Region("COS_REGION"));

    // Set the request protocol to `HTTP` or `HTTPS`.
    // For v5.6.53 or earlier, HTTPS is recommended.
    // For v5.6.54 or later, HTTPS is used by default.
    clientConfig.setHttpProtocol(HttpProtocol.https);

    // The following settings are optional.

    // Set the read timeout period, which is 30s by default.
    clientConfig.setSocketTimeout(30*1000);
    // Set the connection timeout period, which is 30s by default.
    clientConfig.setConnectionTimeout(30*1000);

    // If necessary, set the HTTP proxy, IP, and port.
    clientConfig.setHttpProxyIp("httpProxyIp");
    clientConfig.setHttpProxyPort(80);

    // Generate a COS client.
    return new COSClient(cred, clientConfig);
}

Creating a COSClient instance with a permanent key (not recommended)

Before calling the COS API, first create a COSClient instance.
// Create a COSClient instance, which is used to initiate requests later.
COSClient createCOSClient() {
    // Set the user identity information.
    // Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.
    SecretID: os.Getenv("SECRETID"),  // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
    SecretKey: os.Getenv("SECRETKEY"),  // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
    COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);

    // `ClientConfig` contains the COS client configuration for subsequent COS requests.
    ClientConfig clientConfig = new ClientConfig();

    // Set the bucket region.
    // For more information on COS regions, visit https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
    clientConfig.setRegion(new Region("COS_REGION"));

    // Set the request protocol to `HTTP` or `HTTPS`.
    // For v5.6.53 or earlier, HTTPS is recommended.
    // For v5.6.54 or later, HTTPS is used by default.
    clientConfig.setHttpProtocol(HttpProtocol.https);

    // The following settings are optional.

    // Set the read timeout period, which is 30s by default.
    clientConfig.setSocketTimeout(30*1000);
    // Set the connection timeout period, which is 30s by default.
    clientConfig.setConnectionTimeout(30*1000);

    // If necessary, set the HTTP proxy, IP, and port.
    clientConfig.setHttpProxyIp("httpProxyIp");
    clientConfig.setHttpProxyPort(80);

    // Generate a COS client.
    return new COSClient(cred, clientConfig);
}

Getting pre-signed URLs

Method prototype

public URL generatePresignedUrl(String bucketName, String key, Date expiration, HttpMethodName method, Map<String, String> headers, Map<String, String> params, Boolean signPrefixMode, Boolean signHost) throws CosClientException

Sample request

// Before using the COS API, ensure that the process contains a COSClient instance. If such an instance does not exist, create one.
// For the detailed code, see "Simple Operations -> Creating a COSClient instance" on the current page.
COSClient cosClient = createCOSClient();

// Enter the bucket name in the format of `BucketName-APPID`.
String bucketName = "examplebucket-1250000000";
// Object key, the unique ID of an object in a bucket. For more information, see [Object Key](https://www.tencentcloud.com/document/product/436/13324).
String key = "exampleobject";

// Set the signature expiration time (optional). If it is not set, the signature expiration time in `ClientConfig` (1 hour) is used by default.
// Set the signature to expire in half an hour.
Date expirationDate = new Date(System.currentTimeMillis() + 30 * 60 * 1000);

// Enter the parameters of the current request, which should be the same as those of the actual request. This can prevent users from tampering with the HTTP request parameters. 
Map<String, String> params = new HashMap<String, String>();
params.put("param1", "value1");

// Enter the headers of the current request, which should be the same as those of the actual request. This can prevent users from tampering with the HTTP request headers.
Map<String, String> headers = new HashMap<String, String>();
headers.put("header1", "value1");

// HTTP method of the request. PUT for an upload request, GET for a download request, and DELETE for a deletion request.
HttpMethodName method = HttpMethodName.GET;

URL url = cosClient.generatePresignedUrl(bucketName, key, expirationDate, method, headers, params);
System.out.println(url.toString());

// After confirming that the process does not use the COSClient instance anymore, close it.
cosClient.shutdown();

Field description

Parameter Name
Description
Type
Required
method
HTTP method. Options: GET, POST, PUT, DELETE, HEAD
HttpMethodName
Yes
bucketName
Bucket name in the format of BucketName-APPID. For details, see Naming Conventions
String
Yes
key
Object key, the unique ID of an object in a bucket. For more information, see Object KeyUsers do not need to encode the URL
String
Yes
expiration
Expiration time of the signature, which can be any time in the future. If this parameter is not specified, the signature will expire in one hour
Date
No
headers
Signature headers
Map<String, String>
No
params
Signature parameters
Map<String, String>
No
signPrefixMode
Whether to specify a signature with the sign parameter (not recommended). Default value: false
boolean
No
signHost
Whether to sign the Host header (recommended). Default value: true
boolean
No

Generating pre-signed download URLs overwriting headers

Method prototype

public URL generatePresignedUrl(GeneratePresignedUrlRequest req, boolean signHost) throws CosClientException

Sample request

// Before using the COS API, ensure that the process contains a COSClient instance. If such an instance does not exist, create one.
// For the detailed code, see "Simple Operations -> Creating a COSClient instance" on the current page.
COSClient cosClient = createCOSClient();

// Enter the bucket name in the format of `BucketName-APPID`.
String bucketName = "examplebucket-1250000000";
// Object key, the unique ID of an object in a bucket. For more information, see [Object Key](https://www.tencentcloud.com/document/product/436/13324).
String key = "exampleobject";

GeneratePresignedUrlRequest req =
        new GeneratePresignedUrlRequest(bucketName, key, HttpMethodName.GET);

// Set the http header returned for download.
ResponseHeaderOverrides responseHeaders = new ResponseHeaderOverrides();
String responseContentType = "image/x-icon";
String responseContentLanguage = "zh-CN";
// Set the returned header to contain filename information.
String responseContentDispositon = "filename=exampleobject";
String responseCacheControl = "no-cache";
String cacheExpireStr =
        DateUtils.formatRFC822Date(new Date(System.currentTimeMillis() + 24L * 3600L * 1000L));
responseHeaders.setContentType(responseContentType);
responseHeaders.setContentLanguage(responseContentLanguage);
responseHeaders.setContentDisposition(responseContentDispositon);
responseHeaders.setCacheControl(responseCacheControl);
responseHeaders.setExpires(cacheExpireStr);

req.setResponseHeaders(responseHeaders);

// Setting the signature expiration time (optional). If it is not configured, the signature expiration time in ClientConfig (1 hour) is used by default.
// Set the signature to expire in half an hour.
Date expirationDate = new Date(System.currentTimeMillis() + 30L * 60L * 1000L);
req.setExpiration(expirationDate);

// Parameters of the current request
req.addRequestParameter("param1", "value1");
// Enter the headers of the current request
// `host` is required.
req.putCustomRequestHeader(Headers.HOST, cosClient.getClientConfig().getEndpointBuilder().buildGeneralApiEndpoint(bucketName));
req.putCustomRequestHeader("header1", "value1");

URL url = cosClient.generatePresignedUrl(req);
System.out.println(url.toString());

// After confirming that the process does not use the COSClient instance anymore, close it.
cosClient.shutdown();

Field description

Parameter
Description
Type
Required
req
Class for requesting a pre-signed URL
GeneratePresignedUrlRequest
Yes
signHost
Whether to sign the Host header (recommended). Default value: true
boolean
No
Description of the Request member:
Request Member
Setting Method
Description
Type
method
Constructor or set method
HTTP method. Options: GET, POST, PUT, DELETE, HEAD
HttpMethodName
bucketName
Constructor or set method
Bucket name, bucket naming format is BucketName-APPID. For details, see Naming Conventions
String
key
Constructor or set method
Object key, the unique ID of an object in a bucket. For more information, please see Object KeyUsers do not need to encode the URL
String
expiration
set method
Expiration time of the signature, which can be any time in the future. If this parameter is not specified, the signature will expire in one hour.
Date
contentType
Set method
Content-Type in the request to get a signature
String
contentMd5
Set method
Content-Md5 in the request to get a signature
String
responseHeaders
Set method
The returned http header to be overridden in the request to download a signature
ResponseHeaderOverrides
versionId
Set method
Specifying the version number of the object when the bucket is enabled with versioning
String

Generating a signature

This API is used to construct a signature for a COS request. You are advised to use a temporary key to generate a signature.

Generating a signature using a temporary key (recommended)

// Here, the temporary key information is needed.
// For details on how to generate temporary keys, please visit https://www.tencentcloud.com/document/product/436/14048#cos-sts-sdk.
String tmpSecretId = "TMPSECRETID";
String tmpSecretKey = "TMPSECRETKEY";
String sessionToken = "SESSIONTOKEN";

COSCredentials cred = new BasicSessionCredentials(tmpSecretId, tmpSecretKey, sessionToken);

// Enter the bucket name in the format of `BucketName-APPID`.
String bucketName = "examplebucket-1250000000";
// Object key, the unique ID of an object in a bucket. For more information, see [Object Key](https://www.tencentcloud.com/document/product/436/13324).
String key = "exampleobject";
// If the `key` does not start with "/", you need to add "/" at the beginning; otherwise, the `resource_path` will be the `key`.
String resource_path="/" + key;

ClientConfig clientConfig = new ClientConfig(new Region("ap-beijing-1"));

// It is used to generate a signature.
COSSigner signer = new COSSigner();
// Setting the signature expiration time (optional). If it is not configured, the signature expiration time in ClientConfig (1 hour) is used by default.
// Set the signature to expire in half an hour.
Date expirationDate = new Date(System.currentTimeMillis() + 30L * 60L * 1000L);

// Parameters of the current request
Map<String, String> params = new HashMap<String, String>();
params.put("param1", "value1");

// Enter the headers of the current request
Map<String, String> headers = new HashMap<String, String>();
// `host` is required.
headers.put(Headers.HOST, clientConfig.getEndpointBuilder().buildGeneralApiEndpoint(bucketName));
headers.put("header1", "value1");

// HTTP method of the request. PUT for an upload request, GET for a download request, and DELETE for a deletion request.
HttpMethodName method = HttpMethodName.GET;

String sign = signer.buildAuthorizationStr(method, resource_path, headers, params, cred, expirationDate, true);

Generating a signature using a permanent key

// Set the user identity information.
// Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.
SecretID: os.Getenv("SECRETID"),  // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
SecretKey: os.Getenv("SECRETKEY"),  // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);

// Enter the bucket name in the format of `BucketName-APPID`.
String bucketName = "examplebucket-1250000000";
// Object key, the unique ID of an object in a bucket. For more information, see [Object Key](https://www.tencentcloud.com/document/product/436/13324).
String key = "exampleobject";
// If the `key` does not start with "/", you need to add "/" at the beginning; otherwise, the `resource_path` will be the `key`.
String resource_path="/" + key;

ClientConfig clientConfig = new ClientConfig(new Region("ap-beijing-1"));

// It is used to generate a signature.
COSSigner signer = new COSSigner();
// Setting the signature expiration time (optional). If it is not configured, the signature expiration time in ClientConfig (1 hour) is used by default.
// Set the signature to expire in half an hour.
Date expirationDate = new Date(System.currentTimeMillis() + 30L * 60L * 1000L);

// Parameters of the current request
Map<String, String> params = new HashMap<String, String>();
params.put("param1", "value1");

// Enter the headers of the current request
Map<String, String> headers = new HashMap<String, String>();
// `host` is required.
headers.put(Headers.HOST, clientConfig.getEndpointBuilder().buildGeneralApiEndpoint(bucketName));
headers.put("header1", "value1");

// HTTP method of the request. PUT for an upload request, GET for a download request, and DELETE for a deletion request.
HttpMethodName method = HttpMethodName.GET;

String sign = signer.buildAuthorizationStr(method, resource_path, headers, params, cred, expirationDate, true);

Generating pre-signed download URL with speed limit

For instructions about the speed limits, see Single-Connection Bandwidth Limit.

Sample request

The following takes generating a speed-limited pre-signed download URL as an example:
public static void GenerateSimplePresignedDownloadUrl() {
        // 1. Initialize user authentication information (`secretId`, `secretKey`).
            // Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.
            SecretID: os.Getenv("SECRETID"),  // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
            SecretKey: os.Getenv("SECRETKEY"),  // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
            COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);
        // 2. Set the region of the bucket.
              // COS_REGION parameter, which needs to be set to the actual region of the bucket, for example, ap-beijing. For the abbreviations for more COS regions, visit https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
        ClientConfig clientConfig = new ClientConfig(new Region("COS_REGION"));
        // 3. Generate a COS client
        COSClient cosclient = new COSClient(cred, clientConfig);
        // The bucket name must contain `appid`.
        String bucketName = "examplebucket-1250000000";

        String key = "exampleobject";
        GeneratePresignedUrlRequest req =
                new GeneratePresignedUrlRequest(bucketName, key, HttpMethodName.GET);
        // Set the signature expiration time (optional). If it is not set, the signature expiration time in `ClientConfig` (1 hour) is used by default.
        // Set the signature to expire in half an hour.
        Date expirationDate = new Date(System.currentTimeMillis() + 30 * 60 * 1000);
        req.setExpiration(expirationDate);

        // Parameters of the current request
        // Set the speed limit value, such as 128 KB/s.
        req.addRequestParameter("x-cos-traffic-limit", "1048576");

        // Enter the headers of the current request. `Host` is required.
        req.putCustomRequestHeader(Headers.HOST,
        cosclient.getClientConfig().getEndpointBuilder().buildGeneralApiEndpoint(bucketName));
        //req.putCustomRequestHeader("header1", "value1");

        URL url = cosclient.generatePresignedUrl(req);
        System.out.println(url.toString());

        cosclient.shutdown();
    }
Anterior: Object Access URLPróximo: Restoring Archived Objects

Ajuda e Suporte

Esta página foi útil?

comentários