[英]generate public link for Google Cloud Storage objects
如何為用戶通過BlobStore API提交的Google Cloud Storage對象生成公共鏈接?
有幾種服務公共GCS對象的方法。 一種是簽名URL。 另一個是getServingUrl()
App Engine方法。
但是,如果該對象對所有人都可見,則可以做一些簡單的事情。 設置對象的權限以授予對“ AllUsers”的讀取權限,該權限允許無需任何身份驗證即可讀取對象,然后只需將用戶引至以下路徑即可:
https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME
而已!
您可以通過API或以下gsutil命令將對象設置為可從雲控制台公開讀取: gsutil acl ch -g AllUsers:R gs://BUCKET_NAME/OBJECT_NAME
如何為Google Cloud Storage對象生成公共鏈接?
.p12
密鑰文件。 blobstoreService.createUploadUrl("/fileUploadingHandler",
UploadOptions.Builder.withMaxUploadSizeBytes(1024*1024*10) // 10 MB max
.googleStorageBucketName(BUCKET_NAME));
servlet(處理/fileUploadingHandler
)可以檢索GCS對象的文件名,並生成臨時簽名的公共鏈接,如下所示:
Map<String, List<FileInfo>> fileInfoMap = blobstoreService.getFileInfos(request);
List<FileInfo> fileInfos = fileInfoMap.get("fileName");
FileInfo fileInfo = fileInfos.get(0);
String[] parts = fileInfo.getGsObjectName().split("/"); // get rid of /gs/buck_name/
String fileName = parts[parts.length - 1];
String signedUrl = GcsUrlSigner.generateSignedUrl(fileName);
// send the temporary public link (signedUrl) back to the user
import com.google.api.client.util.Base64;
import java.io.InputStream;
import java.net.URLEncoder;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
/**
* Created by Fouad on 22-Dec-15.
*/
public class GcsUrlSigner
{
private static final String DEFAULT_BUCKET_NAME = "XXXXXXXX.appspot.com";
private static final String PUBLIC_URL_SERVICE_ACCOUNT_EMAIL = "XXXXXXXX@XXXXXX.iam.gserviceaccount.com";
private static final String PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH = "XXXXXX.p12"; // located in the same folder as GcsUrlSigner.java
private static final String PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PASSWORD = "notasecret";
private static final long PUBLIC_URL_EXPIRATION_SECONDS = System.currentTimeMillis() / 1000 + 60; // 60 seconds
public static String generateSignedUrl(String objectName) throws Exception
{
return generateSignedUrl(DEFAULT_BUCKET_NAME, objectName);
}
public static String generateSignedUrl(String bucketName, String objectName) throws Exception
{
PrivateKey key = loadKeyFromPkcs12(PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH, PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PASSWORD.toCharArray());
return getSigningURL(key, "GET", PUBLIC_URL_EXPIRATION_SECONDS, bucketName, objectName);
}
private static String getSigningURL(PrivateKey key, String verb, long expirationSeconds, String bucketName, String objectName) throws Exception
{
String url_signature = signString(key, verb + "\n\n\n" + expirationSeconds + "\n" + "/" + bucketName + "/" + objectName);
String signed_url = "https://storage.googleapis.com/" + bucketName + "/" + objectName +
"?GoogleAccessId=" + PUBLIC_URL_SERVICE_ACCOUNT_EMAIL +
"&Expires=" + expirationMillis +
"&Signature=" + URLEncoder.encode(url_signature, "UTF-8");
return signed_url;
}
private static PrivateKey loadKeyFromPkcs12(String filename, char[] password) throws Exception
{
InputStream is = GcsUrlSigner.class.getResourceAsStream(PUBLIC_URL_SERVICE_ACCOUNT_PKCS12_FILE_PATH);
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(is, password);
return (PrivateKey) ks.getKey("privatekey", password);
}
private static String signString(PrivateKey key, String stringToSign) throws Exception
{
if(key == null) throw new Exception("Private Key not initalized");
Signature signer = Signature.getInstance("SHA256withRSA");
signer.initSign(key);
signer.update(stringToSign.getBytes("UTF-8"));
byte[] rawSignature = signer.sign();
return new String(Base64.encodeBase64(rawSignature), "UTF-8");
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.