生成Google Cloud Storage对象的公共链接
[英]generate public link for Google Cloud Storage objects
问题描述
如何为用户通过BlobStore API提交的Google Cloud Storage对象生成公共链接?
2 个解决方案
解决方案1
4 已采纳 2015-12-22 21:56:26
There are a few ways to serve public GCS objects. 
有几种服务公共GCS对象的方法。 One is signed URLs. 一种是签名URL。 Another is the getServingUrl() App Engine method. 另一个是getServingUrl() App Engine方法。
However, if the object should be visible to everyone, you can do something simpler. 但是,如果该对象对所有人都可见,则可以做一些简单的事情。 Set the object's permissions to grant READ permission to "AllUsers", which allows the object to be read without any authentication, then simply refer users to this path: 设置对象的权限以授予对“ AllUsers”的读取权限,该权限允许无需任何身份验证即可读取对象,然后只需将用户引至以下路径即可:
https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME
That's it! 而已!
You can set an object to be publicly readable from the cloud console, via the APIs, or with this gsutil command: gsutil acl ch -g AllUsers:R gs://BUCKET_NAME/OBJECT_NAME 您可以通过API或以下gsutil命令将对象设置为可从云控制台公开读取: gsutil acl ch -g AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
解决方案2
0 2015-12-22 02:04:40
How to generate public link for Google Cloud Storage objects? 如何为Google Cloud Storage对象生成公共链接?
- Create a service account manually via the console and generate a
.p12key file.通过控制台手动创建服务帐户,并生成.p12密钥文件。 - After the user uploads the file to the URL that was generated using: 用户将文件上传到使用以下命令生成的URL后:
blobstoreService.createUploadUrl("/fileUploadingHandler",
UploadOptions.Builder.withMaxUploadSizeBytes(1024*1024*10) // 10 MB max
.googleStorageBucketName(BUCKET_NAME));
the servlet (that handles /fileUploadingHandler ) can retrieve the file name of the GCS object and generate a temporary signed public link as follows: servlet(处理/fileUploadingHandler )可以检索GCS对象的文件名,并生成临时签名的公共链接,如下所示:
Map<String, List<FileInfo>> fileInfoMap = blobstoreService.getFileInfos(request);
List<FileInfo> fileInfos = fileInfoMap.get("fileName");
FileInfo fileInfo = fileInfos.get(0);
String[] parts = fileInfo.getGsObjectName().split("/"); // get rid of /gs/buck_name/
String fileName = parts[parts.length - 1];
String signedUrl = GcsUrlSigner.generateSignedUrl(fileName);
// send the temporary public link (signedUrl) back to the user
import com.google.api.client.util.Base64;
import java.io.InputStream;
import java.net.URLEncoder;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
/**
* Created by Fouad on 22-Dec-15.
*/
public class GcsUrlSigner
{
private static final String DEFAULT_BUCKET_NAME = "XXXXXXXX.appspot.com";
private static final String PUBLIC_URL_SERVICE_ACCOUNT_EMAIL = "XXXXXXXX@XXXXXX.iam.gserviceaccount.com";
private static final String PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH = "XXXXXX.p12"; // located in the same folder as GcsUrlSigner.java
private static final String PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PASSWORD = "notasecret";
private static final long PUBLIC_URL_EXPIRATION_SECONDS = System.currentTimeMillis() / 1000 + 60; // 60 seconds
public static String generateSignedUrl(String objectName) throws Exception
{
return generateSignedUrl(DEFAULT_BUCKET_NAME, objectName);
}
public static String generateSignedUrl(String bucketName, String objectName) throws Exception
{
PrivateKey key = loadKeyFromPkcs12(PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH, PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PASSWORD.toCharArray());
return getSigningURL(key, "GET", PUBLIC_URL_EXPIRATION_SECONDS, bucketName, objectName);
}
private static String getSigningURL(PrivateKey key, String verb, long expirationSeconds, String bucketName, String objectName) throws Exception
{
String url_signature = signString(key, verb + "\n\n\n" + expirationSeconds + "\n" + "/" + bucketName + "/" + objectName);
String signed_url = "https://storage.googleapis.com/" + bucketName + "/" + objectName +
"?GoogleAccessId=" + PUBLIC_URL_SERVICE_ACCOUNT_EMAIL +
"&Expires=" + expirationMillis +
"&Signature=" + URLEncoder.encode(url_signature, "UTF-8");
return signed_url;
}
private static PrivateKey loadKeyFromPkcs12(String filename, char[] password) throws Exception
{
InputStream is = GcsUrlSigner.class.getResourceAsStream(PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH);
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(is, password);
return (PrivateKey) ks.getKey("privatekey", password);
}
private static String signString(PrivateKey key, String stringToSign) throws Exception
{
if(key == null) throw new Exception("Private Key not initalized");
Signature signer = Signature.getInstance("SHA256withRSA");
signer.initSign(key);
signer.update(stringToSign.getBytes("UTF-8"));
byte[] rawSignature = signer.sign();
return new String(Base64.encodeBase64(rawSignature), "UTF-8");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.