前言

最近公司的私有 Oss 服務(wù)滿(mǎn)了，且 Oss 地址需要設(shè)置權(quán)限，只有當(dāng)前系統(tǒng)的登錄用戶(hù)才能訪(fǎng)問(wèn) Oss 下載地址。一開(kāi)始想著用 Nginx 做個(gè)轉(zhuǎn)發(fā)來(lái)著，Nginx 每當(dāng)檢測(cè)當(dāng)前請(qǐng)求包含特定的 Oss 地址就轉(zhuǎn)發(fā)到我們的統(tǒng)一鑒權(quán)接口上去，但是緊接著又細(xì)想了一下，轉(zhuǎn)發(fā)后的地址被惡意分享出去了，不也還是存在文件泄露的風(fēng)險(xiǎn)嗎？于是又去翻閱了一下阿里云的 Oss 權(quán)限相關(guān)的文檔。借此整合一些常用的方法，機(jī)械代碼自留也是分享給大家

完整代碼

里面整合了文件的增、刪、修改權(quán)限、獲取簽名等方法，各位替換成各自的 ak、sk 即可

package com.queyi.qykgjx.util;import com.aliyun.oss.*;
import com.aliyun.oss.internal.OSSHeaders;
import com.aliyun.oss.model.*;
import org.apache.http.ParseException;
import org.springframework.web.multipart.MultipartFile;import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;public class OssUtilCsdn {private final static String ENDPOINT = "端點(diǎn)";private final static String ACCESS_KEY_ID = "ak";private final static String ACCESS_KEY_SECRET = "sk";private final static String BUCKET_NAME = "容器名";private static String HTTPS_URL_PREFIX = ENDPOINT.replace("https://", ("https://" + BUCKET_NAME + "."));private final static String FILE_CATALOG = "文件上傳目錄";public static void cpoy(String sourceKey, String dstKey, Boolean deleteSourceFile) {OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET);CopyObjectRequest copyObjectRequest = new CopyObjectRequest(BUCKET_NAME, sourceKey, BUCKET_NAME, dstKey);ObjectMetadata objectMetadata = new ObjectMetadata();objectMetadata.setObjectAcl(CannedAccessControlList.Private);copyObjectRequest.setNewObjectMetadata(objectMetadata);ossClient.copyObject(copyObjectRequest);//刪除被拷貝的文件if (deleteSourceFile) ossClient.deleteObject(BUCKET_NAME, sourceKey);ossClient.shutdown();}public static void setAcl(String bucketName, String url, Boolean privateAcl) {ClientBuilderConfiguration config = new ClientBuilderConfiguration();config.setSupportCname(false);OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET);try {ossClient.setObjectAcl(bucketName == null ? BUCKET_NAME : bucketName,getObjectNameByFullUrl(url),privateAcl ? CannedAccessControlList.Private : CannedAccessControlList.PublicRead);} catch (OSSException oe) {oe.printStackTrace();} catch (ClientException ce) {ce.printStackTrace();} finally {if (ossClient != null) {ossClient.shutdown();}}}/*** @param bucketName 容器名稱(chēng)* @param file       待上傳的文件* @param acl        文件權(quán)限*/public static String upload(String bucketName, MultipartFile file, String acl) throws IOException {OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET);if (null == bucketName || bucketName.length() > 0) bucketName = BUCKET_NAME;InputStream inputStream = file.getInputStream();String filename = file.getOriginalFilename();String[] split = filename.split("\\.");filename = new Date().getTime() + "." + split[split.length - 1];String s = FILE_CATALOG + "/" + filename.replaceAll("/", "");PutObjectRequest o = new PutObjectRequest(bucketName, s, inputStream);ObjectMetadata metadata = new ObjectMetadata();metadata.setHeader(OSSHeaders.OSS_STORAGE_CLASS, StorageClass.Standard.toString());if ("private".equals(acl)) metadata.setObjectAcl(CannedAccessControlList.Private);else if ("public".equals(acl)) metadata.setObjectAcl(CannedAccessControlList.PublicRead);else metadata.setObjectAcl(CannedAccessControlList.Private);o.setMetadata(metadata);ossClient.putObject(o);ossClient.shutdown();inputStream.close();return HTTPS_URL_PREFIX + "/" + s;}/*** 獲取簽名*/public static String getSign(String key, int timeOut) throws ParseException {ClientBuilderConfiguration config = new ClientBuilderConfiguration();config.setSupportCname(false);Date expiration = new Date(new Date().getTime() + timeOut * 1000L);OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET, config);URL url = ossClient.generatePresignedUrl(BUCKET_NAME, key, expiration);return url.toString().split("\\?")[1];}public static String getAclPath(String url, int timeOut) throws ParseException {ClientBuilderConfiguration config = new ClientBuilderConfiguration();config.setSupportCname(false);Date expiration = new Date(new Date().getTime() + timeOut * 1000L);OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET, config);return ossClient.generatePresignedUrl(BUCKET_NAME, getObjectNameByFullUrl(url), expiration).toString();}public static String getObjectNameByFullUrl(String url) {if (!url.contains(FILE_CATALOG)) return null;/*** a/a.pdf*/return FILE_CATALOG + url.split(FILE_CATALOG)[1];}/*** 刪*/public static List<String> deleteObject(String bucketName, List<String> keys) {ArrayList<String> newKeys = new ArrayList<>();keys.stream().forEach(key -> {newKeys.add(key.replace(HTTPS_URL_PREFIX + "/", ""));});OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET);DeleteObjectsResult deleteObjectsResult = ossClient.deleteObjects(new DeleteObjectsRequest(bucketName == null ? BUCKET_NAME : bucketName).withKeys(newKeys));List<String> deletedObjects = deleteObjectsResult.getDeletedObjects();ossClient.shutdown();return deletedObjects;}}

整合接口

 @PostMapping("csdnUpFile")public Result csdnUpFile(@RequestParam("file") MultipartFile multipartFile, @RequestParam("acl") String perm) throws IOException {HashMap<String, String> map = new HashMap<>();map.put("fileName", multipartFile.getOriginalFilename());map.put("fileUrl", OssUtil.zzhUpload(null, multipartFile, perm));return Result.success(map);}@PostMapping("csdnSetAcl")public Result csdnSetAcl(@RequestParam("filePath") String filePath) throws IOException {OssUtil.setAcl(null, filePath, true);return Result.success("ok");}@PostMapping("csdnGetAclPath")public Result csdnGetAclPath(@RequestParam("filePath") String url) throws IOException {return Result.success(OssUtil.getAclPath(url, 60));}@PostMapping("csdnDeleteFile")public Result csdnDeleteDile(@RequestBody List<String> urls) throws IOException {return Result.success(OssUtil.deleteObject(null, urls));}

測(cè)試

上傳文件設(shè)置成公共讀

文件正常訪(fǎng)問(wèn)

將全路徑地址作為參數(shù)掉修改權(quán)限接口

再次訪(fǎng)問(wèn)此地址提示無(wú)權(quán)限

加上簽名訪(fǎng)問(wèn)文件可以正常訪(fǎng)問(wèn)

其他方法不做一一測(cè)試了，刪除文件也是傳上傳接口返回的全路徑即可，可直接刪除文件。其他操作看下阿里的Oss 文檔即可，機(jī)械代碼不做過(guò)多描述