[英]generate public link for Google Cloud Storage objects
如何为用户通过BlobStore API提交的Google Cloud Storage对象生成公共链接?
There are a few ways to serve public GCS objects. 有几种服务公共GCS对象的方法。 One is signed URLs. 一种是签名URL。 Another is the getServingUrl()
App Engine method. 另一个是getServingUrl()
App Engine方法。
However, if the object should be visible to everyone, you can do something simpler. 但是,如果该对象对所有人都可见,则可以做一些简单的事情。 Set the object's permissions to grant READ permission to "AllUsers", which allows the object to be read without any authentication, then simply refer users to this path: 设置对象的权限以授予对“ AllUsers”的读取权限,该权限允许无需任何身份验证即可读取对象,然后只需将用户引至以下路径即可:
https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME
That's it! 而已!
You can set an object to be publicly readable from the cloud console, via the APIs, or with this gsutil command: gsutil acl ch -g AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
您可以通过API或以下gsutil命令将对象设置为可从云控制台公开读取: gsutil acl ch -g AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
How to generate public link for Google Cloud Storage objects? 如何为Google Cloud Storage对象生成公共链接?
.p12
key file. 通过控制台手动创建服务帐户,并生成.p12
密钥文件。 blobstoreService.createUploadUrl("/fileUploadingHandler",
UploadOptions.Builder.withMaxUploadSizeBytes(1024*1024*10) // 10 MB max
.googleStorageBucketName(BUCKET_NAME));
the servlet (that handles /fileUploadingHandler
) can retrieve the file name of the GCS object and generate a temporary signed public link as follows: servlet(处理/fileUploadingHandler
)可以检索GCS对象的文件名,并生成临时签名的公共链接,如下所示:
Map<String, List<FileInfo>> fileInfoMap = blobstoreService.getFileInfos(request);
List<FileInfo> fileInfos = fileInfoMap.get("fileName");
FileInfo fileInfo = fileInfos.get(0);
String[] parts = fileInfo.getGsObjectName().split("/"); // get rid of /gs/buck_name/
String fileName = parts[parts.length - 1];
String signedUrl = GcsUrlSigner.generateSignedUrl(fileName);
// send the temporary public link (signedUrl) back to the user
import com.google.api.client.util.Base64;
import java.io.InputStream;
import java.net.URLEncoder;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
/**
* Created by Fouad on 22-Dec-15.
*/
public class GcsUrlSigner
{
private static final String DEFAULT_BUCKET_NAME = "XXXXXXXX.appspot.com";
private static final String PUBLIC_URL_SERVICE_ACCOUNT_EMAIL = "XXXXXXXX@XXXXXX.iam.gserviceaccount.com";
private static final String PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH = "XXXXXX.p12"; // located in the same folder as GcsUrlSigner.java
private static final String PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PASSWORD = "notasecret";
private static final long PUBLIC_URL_EXPIRATION_SECONDS = System.currentTimeMillis() / 1000 + 60; // 60 seconds
public static String generateSignedUrl(String objectName) throws Exception
{
return generateSignedUrl(DEFAULT_BUCKET_NAME, objectName);
}
public static String generateSignedUrl(String bucketName, String objectName) throws Exception
{
PrivateKey key = loadKeyFromPkcs12(PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH, PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PASSWORD.toCharArray());
return getSigningURL(key, "GET", PUBLIC_URL_EXPIRATION_SECONDS, bucketName, objectName);
}
private static String getSigningURL(PrivateKey key, String verb, long expirationSeconds, String bucketName, String objectName) throws Exception
{
String url_signature = signString(key, verb + "\n\n\n" + expirationSeconds + "\n" + "/" + bucketName + "/" + objectName);
String signed_url = "https://storage.googleapis.com/" + bucketName + "/" + objectName +
"?GoogleAccessId=" + PUBLIC_URL_SERVICE_ACCOUNT_EMAIL +
"&Expires=" + expirationMillis +
"&Signature=" + URLEncoder.encode(url_signature, "UTF-8");
return signed_url;
}
private static PrivateKey loadKeyFromPkcs12(String filename, char[] password) throws Exception
{
InputStream is = GcsUrlSigner.class.getResourceAsStream(PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH);
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(is, password);
return (PrivateKey) ks.getKey("privatekey", password);
}
private static String signString(PrivateKey key, String stringToSign) throws Exception
{
if(key == null) throw new Exception("Private Key not initalized");
Signature signer = Signature.getInstance("SHA256withRSA");
signer.initSign(key);
signer.update(stringToSign.getBytes("UTF-8"));
byte[] rawSignature = signer.sign();
return new String(Base64.encodeBase64(rawSignature), "UTF-8");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.