You need to enable JavaScript to run this app.
导航
管理桶策略(Java SDK)
最近更新时间:2024.02.04 18:31:02首次发布时间:2023.01.19 14:37:15

桶(Bucket)是 TOS 的全局唯一的命名空间,相当于数据的容器,用来储存对象(Object)数据。TOS针对桶(Bucket)资源的权限控制包括桶授权策略(Bucket Policy)和桶访问控制(Bucket ACL)。本文介绍如何通过 TOS Java SDK 管理桶的授权策略(Policy)。有关桶的访问控制管理请参考读写权限配置。

设置桶策略

您可以通过 TOS Java SDK 的 putBucketPolicy 接口设置指定桶的授权策略。

注意

  • 设置桶策略,您的账号必须具备 tos:PutBucketPolicy 权限。具体操作,请参见权限配置概述
  • 拥有tos:PutBucketPolicy 权限的用户可以任意更改桶策略,并可以通过此权限获取其他权限,建议您谨慎配置。

示例代码

以下代码展示如何设置桶的桶策略。

import com.volcengine.tos.TOSV2;
import com.volcengine.tos.TOSV2ClientBuilder;
import com.volcengine.tos.TosClientException;
import com.volcengine.tos.TosServerException;
import com.volcengine.tos.model.bucket.PutBucketPolicyInput;
import com.volcengine.tos.model.bucket.PutBucketPolicyOutput;

public class PutBucketPolicyExample {
    public static void main(String[] args) {
        String endpoint = "your endpoint";
        String region = "your region";
        String accessKey = System.getenv("TOS_ACCESS_KEY");
        String secretKey = System.getenv("TOS_SECRET_KEY");

        String bucketName = "your bucket name";

        TOSV2 tos = new TOSV2ClientBuilder().build(region, endpoint, accessKey, secretKey);

        try{
            // 如下 policy 中的 bucketName 需要替换为您的桶名
            String policy = "{\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"tos:Get*\",\"tos:List*\",\"tos:HeadBucket\"],\"Resource\":\"trn:tos:::bucketName\"}]}";
            PutBucketPolicyInput input = new PutBucketPolicyInput().setBucket(bucketName).setPolicy(policy);
            PutBucketPolicyOutput output = tos.putBucketPolicy(input);
            System.out.println("putBucketPolicy succeed");
        } catch (TosClientException e) {
            // 操作失败,捕获客户端异常,一般情况是请求参数错误,此时请求并未发送
            System.out.println("putBucketPolicy failed");
            System.out.println("Message: " + e.getMessage());
            if (e.getCause() != null) {
                e.getCause().printStackTrace();
            }
        } catch (TosServerException e) {
            // 操作失败,捕获服务端异常,可以获取到从服务端返回的详细错误信息
            System.out.println("putBucketPolicy failed");
            System.out.println("StatusCode: " + e.getStatusCode());
            System.out.println("Code: " + e.getCode());
            System.out.println("Message: " + e.getMessage());
            System.out.println("RequestID: " + e.getRequestID());
        } catch (Throwable t) {
            // 作为兜底捕获其他异常,一般不会执行到这里
            System.out.println("putBucketPolicy failed");
            System.out.println("unexpected exception, message: " + t.getMessage());
        }
    }
}

获取桶策略

您可以通过 TOS Java SDK 的 getBucketPolicy 接口获取指定桶当前配置的桶策略。

注意

获取桶策略,您的账号必须具备 tos:GetBucketPolicy 权限,具体操作,请参见权限配置概述

示例代码

以下代码展示如何获取桶的桶策略。

import com.volcengine.tos.TOSV2;
import com.volcengine.tos.TOSV2ClientBuilder;
import com.volcengine.tos.TosClientException;
import com.volcengine.tos.TosServerException;
import com.volcengine.tos.model.bucket.GetBucketPolicyInput;
import com.volcengine.tos.model.bucket.GetBucketPolicyOutput;

public class GetBucketPolicyExample {
    public static void main(String[] args) {
        String endpoint = "your endpoint";
        String region = "your region";
        String accessKey = System.getenv("TOS_ACCESS_KEY");
        String secretKey = System.getenv("TOS_SECRET_KEY");

        String bucketName = "your bucket name";

        TOSV2 tos = new TOSV2ClientBuilder().build(region, endpoint, accessKey, secretKey);

        try{
            GetBucketPolicyInput input = new GetBucketPolicyInput().setBucket(bucketName);
            GetBucketPolicyOutput output = tos.getBucketPolicy(input);
            System.out.println("getBucketPolicy succeed, policy is " + output.getPolicy());
        } catch (TosClientException e) {
            // 操作失败,捕获客户端异常,一般情况是请求参数错误,此时请求并未发送
            System.out.println("getBucketPolicy failed");
            System.out.println("Message: " + e.getMessage());
            if (e.getCause() != null) {
                e.getCause().printStackTrace();
            }
        } catch (TosServerException e) {
            // 操作失败,捕获服务端异常,可以获取到从服务端返回的详细错误信息
            System.out.println("getBucketPolicy failed");
            System.out.println("StatusCode: " + e.getStatusCode());
            System.out.println("Code: " + e.getCode());
            System.out.println("Message: " + e.getMessage());
            System.out.println("RequestID: " + e.getRequestID());
        } catch (Throwable t) {
            // 作为兜底捕获其他异常,一般不会执行到这里
            System.out.println("getBucketPolicy failed");
            System.out.println("unexpected exception, message: " + t.getMessage());
        }
    }
}

删除桶策略

您可以通过 TOS Java SDK 的 deleteBucketPolicy 接口删除指定桶当前配置的桶策略。

注意

删除策略,您的账号必须具备 tos:DeleteBucketPolicy 权限,具体操作,请参见权限配置概述

示例代码

以下代码展示如何删除桶的桶策略。

import com.volcengine.tos.TOSV2;
import com.volcengine.tos.TOSV2ClientBuilder;
import com.volcengine.tos.TosClientException;
import com.volcengine.tos.TosServerException;
import com.volcengine.tos.model.bucket.DeleteBucketPolicyInput;
import com.volcengine.tos.model.bucket.DeleteBucketPolicyOutput;

public class DeleteBucketPolicyExample {
    public static void main(String[] args) {
        String endpoint = "your endpoint";
        String region = "your region";
        String accessKey = System.getenv("TOS_ACCESS_KEY");
        String secretKey = System.getenv("TOS_SECRET_KEY");
        String bucketName = "your bucket name";

        TOSV2 tos = new TOSV2ClientBuilder().build(region, endpoint, accessKey, secretKey);

        try{
            DeleteBucketPolicyInput input = new DeleteBucketPolicyInput().setBucket(bucketName);
            DeleteBucketPolicyOutput output = tos.deleteBucketPolicy(input);
            System.out.println("deleteBucketPolicy succeed, " + output);
        } catch (TosClientException e) {
            // 操作失败,捕获客户端异常,一般情况是请求参数错误,此时请求并未发送
            System.out.println("deleteBucketPolicy failed");
            System.out.println("Message: " + e.getMessage());
            if (e.getCause() != null) {
                e.getCause().printStackTrace();
            }
        } catch (TosServerException e) {
            // 操作失败,捕获服务端异常,可以获取到从服务端返回的详细错误信息
            System.out.println("deleteBucketPolicy failed");
            System.out.println("StatusCode: " + e.getStatusCode());
            System.out.println("Code: " + e.getCode());
            System.out.println("Message: " + e.getMessage());
            System.out.println("RequestID: " + e.getRequestID());
        } catch (Throwable t) {
            // 作为兜底捕获其他异常,一般不会执行到这里
            System.out.println("deleteBucketPolicy failed");
            System.out.println("unexpected exception, message: " + t.getMessage());
        }
    }
}

相关文档

关于存储桶策略的更多信息,请参见存储桶授权策略管理