(resource: *)
or all operations (action: *)
, data security risks may arise.examplebucket-1-1250000000
, you can’t upload objects to the examplebucket-2-1250000000
bucket or download objects from the examplebucket-1-1250000000
bucket.Language | Download Address | Sample |
Java | ||
.NET | ||
Go | ||
Node.js | ||
PHP | ||
Python |
// Import `java sts sdk` using the integration method with Maven as described on GitHub, with v3.1.0 or later required.public class Demo {public static void main(String[] args) {TreeMap<String, Object> config = new TreeMap<String, Object>();try {// `SecretId` and `SecretKey` represent permanent identities (root account, sub-account) for applying for a temporary key. If it is a sub-account, it must have permission to operate buckets.String secretId = System.getenv("secretId");// User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.String secretKey = System.getenv("secretKey");// User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.// Replace it with your Cloud API key SecretIdconfig.put("secretId", secretId);// Replace it with your Cloud API key SecretKeyconfig.put("secretKey", secretKey);// Set a domain:// If you use Tencent Cloud CVMs, you can set an internal domain.//config.put("host", "sts.internal.tencentcloudapi.com");// Validity period of the key, in seconds (default: 1800). The value can be up to 7200 (2 hours) for the root account, and 129600 (36 hours) for a sub-account.config.put("durationSeconds", 1800);// Replace it with your own bucketconfig.put("bucket", "examplebucket-1250000000");// Replace it with the region where your bucket residesconfig.put("region", "ap-guangzhou");// Change it to an allowed path prefix. You can determine the upload path based on your login status.// Examples of several typical prefix authorization scenarios:// 1. Allow access to all objects: "*"// 2. Allow access to specified objects: "a/a1.txt", "b/b1.txt"// 3. Allow access to objects with specified prefixes: "a*", "a/*", "b/*"// If "*" is entered, you allow the user to access all resources. Unless otherwise necessary, grant the user only the limited permissions that are needed following the principle of least privilege.config.put("allowPrefixes", new String[] {"exampleobject","exampleobject2"});// A list of permissions needed for the key (required)// The following permissions are required for simple, form-based, and multipart upload. For other permissions, visit https://www.tencentcloud.com/document/product/436/30580.String[] allowActions = new String[] {// Simple upload"name/cos:PutObject",// Upload using a form or Weixin Mini Program"name/cos:PostObject",// Multipart upload"name/cos:InitiateMultipartUpload","name/cos:ListMultipartUploads","name/cos:ListParts","name/cos:UploadPart","name/cos:CompleteMultipartUpload"};config.put("allowActions", allowActions);/*** Set `condition` (if necessary)//# Condition for the temporary key to take effect. For the detailed configuration rules of `condition` and `condition` types supported by COS, visit https://www.tencentcloud.com/document/product/436/71307?from_cn_redirect=1.final String raw_policy = "{\\n" +" \\"version\\":\\"2.0\\",\\n" +" \\"statement\\":[\\n" +" {\\n" +" \\"effect\\":\\"allow\\",\\n" +" \\"action\\":[\\n" +" \\"name/cos:PutObject\\",\\n" +" \\"name/cos:PostObject\\",\\n" +" \\"name/cos:InitiateMultipartUpload\\",\\n" +" \\"name/cos:ListMultipartUploads\\",\\n" +" \\"name/cos:ListParts\\",\\n" +" \\"name/cos:UploadPart\\",\\n" +" \\"name/cos:CompleteMultipartUpload\\"\\n" +" ],\\n" +" \\"resource\\":[\\n" +" \\"qcs::cos:ap-shanghai:uid/1250000000:examplebucket-1250000000/*\\"\\n" +" ],\\n" +" \\"condition\\": {\\n" +" \\"ip_equal\\": {\\n" +" \\"qcs:ip\\": [\\n" +" \\"192.168.1.0/24\\",\\n" +" \\"101.226.100.185\\",\\n" +" \\"101.226.100.186\\"\\n" +" ]\\n" +" }\\n" +" }\\n" +" }\\n" +" ]\\n" +"}";config.put("policy", raw_policy);*/Response response = CosStsClient.getCredential(config);System.out.println(response.credentials.tmpSecretId);System.out.println(response.credentials.tmpSecretKey);System.out.println(response.credentials.sessionToken);} catch (Exception e){e.printStackTrace();throw new IllegalArgumentException("no valid secret !");}}}
sessionToken
through the x-cos-security-token
field, and calculates the signature using the temporary SecretId
and SecretKey
.// Import `cos xml java sdk` using the integration method with Maven as described on GitHub.import com.qcloud.cos.*;import com.qcloud.cos.auth.*;import com.qcloud.cos.exception.*;import com.qcloud.cos.model.*;import com.qcloud.cos.region.*;public class Demo {public static void main(String[] args) throws Exception {// Basic user informationString tmpSecretId = "COS_SECRETID"; // Replace it with the temporary SecretId returned by the STS API.String tmpSecretKey = "COS_SECRETKEY"; // Replace it with the temporary SecretKey returned by the STS API.String sessionToken = "Token"; // Replace it with the temporary token returned by the STS API.// 1. Initialize user authentication information (`secretId`, `secretKey`).COSCredentials cred = new BasicCOSCredentials(tmpSecretId, tmpSecretKey);// 2. Set the bucket region. For more information on COS regions, visit https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.ClientConfig clientConfig = new ClientConfig(new Region("ap-guangzhou"));// 3. Generate a COS clientCOSClient cosclient = new COSClient(cred, clientConfig);// The bucket name must contain `appid`.String bucketName = "examplebucket-1250000000";String key = "exampleobject";// Upload an object. You are advised to call this API to upload objects smaller than 20 MB.File localFile = new File("src/test/resources/text.txt");PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, localFile);// Set the `x-cos-security-token` header field.ObjectMetadata objectMetadata = new ObjectMetadata();objectMetadata.setSecurityToken(sessionToken);putObjectRequest.setMetadata(objectMetadata);try {PutObjectResult putObjectResult = cosclient.putObject(putObjectRequest);// Success: PutObjectResult returns the file ETag.String etag = putObjectResult.getETag();} catch (CosServiceException e) {//Failure: CosServiceException is thrown.e.printStackTrace();} catch (CosClientException e) {//Failure: CosClientException is thrown.e.printStackTrace();}// Disable the clientcosclient.shutdown();}}
Was this page helpful?