Object权限控制
更新时间:2022-10-21
设置Object的访问权限
目前BOS支持两种方式设置ACL。第一种是使用Canned Acl,在PutObjectAcl的时候,通过头域的"x-bce-acl"或者"x-bce-grant-permission'来设置object访问权限,当前可设置的权限包括private和public-read,两种类型的header不可以同时在一个请求中出现。第二种方式是上传一个ACL文件。
详细信息请参考设置Object权限控制。
1、通过使用头域的"x-bce-acl"或者"x-bce-grant-permission'来设置object访问权限
- set object acl 第一种方式(以请求头方式设置)
Java
1SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest("yourBucketName","objectKey",CannedAccessControlList.PublicRead);
2client.setObjectAcl(setObjectAclRequest);- set object acl 第一种方式(以请求头方式设置 xBceGrantRead)
Java
1String xBceGrantRead = "id=\"user_id1\""+",id=\"user_id2\"";
2SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest();
3setObjectAclRequest.withBucketName("yourBucketName");
4setObjectAclRequest.withKey("objectKey");
5setObjectAclRequest.setxBceGrantRead(xBceGrantRead);
6client.setObjectAcl(setObjectAclRequest);- set object acl 第一种方式(已请求头方式设置 xBceGrantFullControl)
Java
1String xBceGrantFullControl = "id=\"user_id1\""+",id=\"user_id2\"";
2SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest();
3setObjectAclRequest.withBucketName("yourBucketName");
4setObjectAclRequest.withKey("objectKey");
5setObjectAclRequest.setxBceGrantFullControl(xBceGrantFullControl);
6client.setObjectAcl(setObjectAclRequest);2、通过setObjectAcl设置object访问权限
- set object acl 第二种方式(json字符串)
Java
1String jsonObjectAcl = "{\"accessControlList\":["+ "{\"grantee\":[{\"id\":\"*\"}], "+ "\"permission\":[\"FULL_CONTROL\"]"+"}]}";
2
3SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest("yourBucketName","objectKey",jsonObjectAcl);
4
5client.setObjectAcl(setObjectAclRequest);- set object acl 第二种方式,用户只需指定指定参数即可
Java
1List<Grant> grants = new ArrayList<Grant>();
2List<Grantee> grantees = new ArrayList<Grantee>();
3List<Permission> permissions = new ArrayList<Permission>();
4
5// 授权给特定用户
6grantees.add(new Grantee("user_id1"));
7grantees.add(new Grantee("user_id2"));
8grantees.add(new Grantee("user_id3"));
9
10// 设置权限
11permissions.add(Permission.READ);
12grants.add(new Grant().withGrantee(grantees).withPermission(permissions));
13
14SetObjectAclRequest setObjectAclRequest = new SetObjectAclRequest("yourBucketName","objectKey", grants);
15client.setObjectAcl(setObjectAclRequest);查看Object的权限
如下代码可以查Object的权限:
Java
1GetObjectAclRequest getObjectRequest = new GetObjectAclRequest();
2getObjectRequest.withBucketName("yourBucketName");
3getObjectRequest.withKey("objectKey");
4GetObjectAclResponse response = client.getObjectAcl(getObjectRequest);getObjectAcl方法返回的解析类中可供调用的参数有:
| 参数 | 说明 |
|---|---|
| accessControlList | 标识Object的权限列表 |
| grantee | 标识被授权人 |
| -id | 被授权人ID |
| permission | 标识被授权人的权限 |
删除Object的权限
如下代码可以删除Object的权限:
Java
1DeleteObjectAclRequest deleteObjectAclRequest = new DeleteObjectAclRequest("yourBucketName","objectKey");
2
3client.deleteObjectAcl(deleteObjectAclRequest);