Download file redirecting from Amazon S3 to Client

I'm a novice with Amazon S3 and I would like to build a solution that may not exist.

I have to build a web application (Java or PHP backend) where the user logs in and downloads files. The web server (Tomcat or Apache) validates the user and allows the download from Amazon S3. When I worked with a CMS the files were small and there were few requests. So, the flow was:

Client (User) > Server (user validation) > CMS (get file) > Server > Client (User)

Now, the files are bigger and I would like to get the following flow:

Client (User) > Server (user validation) > Amazon S3 > Client (User)

My goal is to improve the performance of my server and avoid the excess traffic of files when the user gets one. Is it possible?

My first approach (not implemented yet!) is a sendredirect from my server to Amazon S3:

User requests /file1 => Server "translates" /file1 to /company.s3.amazon/mybucket/file1.pdf and does the sendredirect to the Amazon S3 link.

With this approach I think I can't validate the IAM user (I don't use any API), but I also think I can protect the content with a Bucket Policy filtering by server IP address.

Thanks.

I would recommend using a Pre-Signed URL, which is a way of providing temporary access to private objects that are stored in Amazon S3.

The pre-signed URL consists of:

  • The file URL
  • An Access Key associated with a user that has permissions to GET the file
  • An expiration timestamp
  • A hashed signature based on the authorised user's Secret Key (which is matched with their Access Key)

The pre-signed URL can be generated from a few lines of code and is only evaluated when the GET request is sent to Amazon S3.

When your application (on the server) determines that the user is entitled to access the file, it can generate the pre-signed URL and return it as part of a web page (e.g. in a hyperlink). When the user clicks the link, the file will be served directly out of S3. After the expiry period, the URL will no longer provide access to the file.
