怎么建设一个淘宝客网站谁知道,做gif动态图网站,关于网站建设的好处,免费做网页的网站minio的public桶因为没有限制#xff0c;所以在直接访问到桶地址的时候会列出桶内所有文件的url#xff0c;这样很不安全#xff0c;如何禁止这个功能#xff0c;可以使用三种方法
1、如果是新版的可以直接设置桶的Access Policy为自定义就好 编辑custom的Policy#xff…minio的public桶因为没有限制所以在直接访问到桶地址的时候会列出桶内所有文件的url这样很不安全如何禁止这个功能可以使用三种方法
1、如果是新版的可以直接设置桶的Access Policy为自定义就好 编辑custom的Policy去掉Action集合中的ListBucket就可以了如下是去掉后的json
{Version: 2012-10-17,Statement: [{Effect: Allow,Principal: {AWS: [*]},Action: [s3:GetBucketLocation,s3:ListBucketMultipartUploads],Resource: [arn:aws:s3:::桶名称]},{Effect: Allow,Principal: {AWS: [*]},Action: [s3:AbortMultipartUpload,s3:DeleteObject,s3:GetObject,s3:ListMultipartUploadParts,s3:PutObject],Resource: [arn:aws:s3:::桶名称/*]}]
}
设置完后 2、有些minio版本不支持直接设置那就要通过minio Client设置桶的custom的Policy了
下载地址http://dl.minio.org.cn/client/mc/release/linux-amd64/mc 下载后放到服务器上然后根据以下命令运行即可
1添加连接服务 ./mc config host add minio http://127.0.0.1:9000 用户名 密码
2查看已连接的服务查看上步添加的minio连接服务是否成功 ./mc config host list
3置PUBLIC桶的访问权限 ./mc anonymous set-json /home/aadata/minio/自定义桶的Policy的json文件.json minio/桶名 自定义桶的Policy的json文件.json文件如下
{Version: 2012-10-17,Statement: [{Effect: Allow,Principal: {AWS: [*]},Action: [s3:GetBucketLocation,s3:ListBucketMultipartUploads],Resource: [arn:aws:s3:::桶名]},{Effect: Allow,Principal: {AWS: [*]},Action: [s3:AbortMultipartUpload,s3:DeleteObject,s3:GetObject,s3:ListMultipartUploadParts,s3:PutObject],Resource: [arn:aws:s3:::桶名/*]}]
}
4删除第一部添加的服务 ./mc config host remove minio
3、直接代码中实现设置桶的Policy参照下面代码自行理解吧
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;import io.minio.*;
import io.minio.http.Method;public class Minio {/*** minio参数*/private static final String ENDPOINT http://127.0.0.1:9000;private static final String ACCESS_KEY ******;private static final String SECRET_KEY ******;/*** 桶占位符*/private static final String BUCKET_PARAM ${bucket};/*** bucket权限-只读*/private static final String READ_ONLY {\Version\:\2012-10-17\,\Statement\:[{\Effect\:\Allow\,\Principal\:{\AWS\:[\*\]},\Action\:[\s3:GetBucketLocation\,\s3:ListBucket\],\Resource\:[\arn:aws:s3::: BUCKET_PARAM \]},{\Effect\:\Allow\,\Principal\:{\AWS\:[\*\]},\Action\:[\s3:GetObject\],\Resource\:[\arn:aws:s3::: BUCKET_PARAM /*\]}]};/*** bucket权限-只读*/private static final String WRITE_ONLY {\Version\:\2012-10-17\,\Statement\:[{\Effect\:\Allow\,\Principal\:{\AWS\:[\*\]},\Action\:[\s3:GetBucketLocation\,\s3:ListBucketMultipartUploads\],\Resource\:[\arn:aws:s3::: BUCKET_PARAM \]},{\Effect\:\Allow\,\Principal\:{\AWS\:[\*\]},\Action\:[\s3:AbortMultipartUpload\,\s3:DeleteObject\,\s3:ListMultipartUploadParts\,\s3:PutObject\],\Resource\:[\arn:aws:s3::: BUCKET_PARAM /*\]}]};/*** bucket权限-读写*/private static final String READ_WRITE {\Version\:\2012-10-17\,\Statement\:[{\Effect\:\Allow\,\Principal\:{\AWS\:[\*\]},\Action\:[\s3:GetBucketLocation\,\s3:ListBucket\,\s3:ListBucketMultipartUploads\],\Resource\:[\arn:aws:s3::: BUCKET_PARAM \]},{\Effect\:\Allow\,\Principal\:{\AWS\:[\*\]},\Action\:[\s3:DeleteObject\,\s3:GetObject\,\s3:ListMultipartUploadParts\,\s3:PutObject\,\s3:AbortMultipartUpload\],\Resource\:[\arn:aws:s3::: BUCKET_PARAM /*\]}]};/*** 文件url前半段** param bucket 桶* return 前半段*/public static String getObjectPrefixUrl(String bucket) {return String.format(%s/%s/, ENDPOINT, bucket);}/*** 创建桶** param bucket 桶*/public static void makeBucket(String bucket) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();// 判断桶是否存在boolean isExist client.bucketExists(BucketExistsArgs.builder().bucket(bucket).build());if (!isExist) {// 新建桶client.makeBucket(MakeBucketArgs.builder().bucket(bucket).build());}}/*** 更新桶权限策略** param bucket 桶* param policy 权限*/public static void setBucketPolicy(String bucket, String policy) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();switch (policy) {case read-only:client.setBucketPolicy(SetBucketPolicyArgs.builder().bucket(bucket).config(READ_ONLY.replace(BUCKET_PARAM, bucket)).build());break;case write-only:client.setBucketPolicy(SetBucketPolicyArgs.builder().bucket(bucket).config(WRITE_ONLY.replace(BUCKET_PARAM, bucket)).build());break;case read-write:client.setBucketPolicy(SetBucketPolicyArgs.builder().bucket(bucket).config(READ_WRITE.replace(BUCKET_PARAM, bucket)).build());break;case none:default:break;}}/*** 上传本地文件** param bucket 桶* param objectKey 文件key* param filePath 文件路径* return 文件url*/public static String uploadFile(String bucket, String objectKey, String filePath) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();client.uploadObject(UploadObjectArgs.builder().bucket(bucket).object(objectKey).filename(filePath).contentType(image/png).build());return getObjectPrefixUrl(bucket) objectKey;}/*** 流式上传文件** param bucket 桶* param objectKey 文件key* param inputStream 文件输入流* return 文件url*/public static String uploadInputStream(String bucket, String objectKey, InputStream inputStream) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();client.putObject(PutObjectArgs.builder().bucket(bucket).object(objectKey).stream(inputStream, inputStream.available(), -1).contentType(image/png).build());return getObjectPrefixUrl(bucket) objectKey;}/*** 下载文件** param bucket 桶* param objectKey 文件key* return 文件流*/public static InputStream download(String bucket, String objectKey) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();return client.getObject(GetObjectArgs.builder().bucket(bucket).object(objectKey).build());}/*** 文件复制** param sourceBucket 源桶* param sourceObjectKey 源文件key* param bucket 桶* param objectKey 文件key* return 新文件url*/public static String copyFile(String sourceBucket, String sourceObjectKey, String bucket, String objectKey) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();CopySource source CopySource.builder().bucket(sourceBucket).object(sourceObjectKey).build();client.copyObject(CopyObjectArgs.builder().bucket(bucket).object(objectKey).source(source).build());return getObjectPrefixUrl(bucket) objectKey;}/*** 删除文件** param bucket 桶* param objectKey 文件key*/public static void deleteFile(String bucket, String objectKey) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();client.removeObject(RemoveObjectArgs.builder().bucket(bucket).object(objectKey).build());}/*** 获取文件签名url** param bucket 桶* param objectKey 文件key* param expires 签名有效时间 单位秒* return 文件签名地址*/public static String getSignedUrl(String bucket, String objectKey, int expires) throws Exception {MinioClient client MinioClient.builder().endpoint(ENDPOINT).credentials(ACCESS_KEY, SECRET_KEY).build();return client.getPresignedObjectUrl(GetPresignedObjectUrlArgs.builder().method(Method.GET).bucket(bucket).object(objectKey).expiry(expires).build());}public static void main(String[] args) {String bucket public;String objectKey demo/123.png;try {// 创建桶makeBucket(bucket);// 设置桶读写权限setBucketPolicy(bucket, read-write);// 上传本地文件String url1 uploadFile(bucket, objectKey, D://123.png);// 输出 http://127.0.0.1:9000/demo/123.pngSystem.out.println(url1);// 上传文件流String url2 uploadInputStream(bucket, objectKey, new FileInputStream(new File(D://123.png)));// 输出 http://127.0.0.1:9000/demo/123.pngSystem.out.println(url2);// 下载文件InputStream inputStream download(bucket, objectKey);// 文件复制String url3 copyFile(bucket, objectKey, test, test/abc.png);// 输出 http://127.0.0.1:9000/test/abc.pngSystem.out.println(url3);// 删除文件deleteFile(test, test/abc.png);// 获取文件签名urlString sign getSignedUrl(bucket, objectKey, 600);// 该路径可访问文件五分钟System.out.println(sign);} catch (Exception e) {e.printStackTrace();}}
}
